Re: Is it possible to secure replication?

From: Jacques Koorts (jkoorts_at_gmail.com)
Date: 12/09/04

• Next message: David Cross [MS]: "Re: What to do with certificates when profile is deleted/recreated?"
• Previous message: Roger Abell: "Re: Is it possible to secure replication?"
• In reply to: Roger Abell: "Re: Is it possible to secure replication?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 9 Dec 2004 09:03:30 -0400

Thanks guys, will go and read up on those links

cheers
jk

"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:%238TIuEb3EHA.2156@TK2MSFTNGP10.phx.gbl...
> Adding an extra NIC for this is not the way to go, as this
> implies that you will be taking manual control over the
> DNS records, etc.. and making sure that all proper clients
> have correct distance info in their routing tables so that
> they never attempt use of the "DC private" NIC.
>
> As was pointed out, Kerberos is used for machine authentication,
> the AD replication traffic is already secured, and IPsec is the
> way to add further integrity and privacy on the DC to DC packet
> stream without havng DNS uglies to deal with. There are also
> policies that may be set the increase the packet level security
> of communications, both in general and for schannel.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Jacques Koorts" <jkoorts@gmail.com> wrote in message
> news:10ren4v8prael4e@corp.supernews.com...
>> I have this idea, you add 2 network cards to each DC. One each using it
>> to
>> connect to network, and the other to connect to each other. This linkl
>> between them you then use for replication making it very secured. Can
>> this
>> be done and how?
>>
>>
>
>

---

• Next message: David Cross [MS]: "Re: What to do with certificates when profile is deleted/recreated?"
• Previous message: Roger Abell: "Re: Is it possible to secure replication?"
• In reply to: Roger Abell: "Re: Is it possible to secure replication?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Is it possible to secure replication? ... > stream without havng DNS uglies to deal with. ... > policies that may be set the increase the packet level security ... you add 2 network cards to each DC. ... >> between them you then use for replication making it very secured. ... (microsoft.public.win2000.security) Re: Is it possible to secure replication? ... DNS records, etc.. ... policies that may be set the increase the packet level security ... you add 2 network cards to each DC. ... > between them you then use for replication making it very secured. ... (microsoft.public.win2000.security) Re: Is it possible to secure replication? ... DNS records, etc.. ... policies that may be set the increase the packet level security ... you add 2 network cards to each DC. ... > between them you then use for replication making it very secured. ... (microsoft.public.windows.server.security) Re: Is it possible to secure replication? ... you add 2 network cards to each DC. ... > between them you then use for replication making it very secured. ... They that can give up essential liberty to obtain a little temporary safety ... (microsoft.public.win2000.security) Re: Is it possible to secure replication? ... you add 2 network cards to each DC. ... > between them you then use for replication making it very secured. ... They that can give up essential liberty to obtain a little temporary safety ... (microsoft.public.windows.server.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.windows.server.security  > 2004-12