Security Basics
Windows Active Directory Domains Jul 08 2014 08:48PM
joeb1kenobe gmail com (6 replies)
RE: Windows Active Directory Domains Jul 09 2014 09:27PM
Keith Kooyman (kckooyman tstc edu)
RE: Windows Active Directory Domains Jul 09 2014 02:29PM
Jim B (scififans hotmail com)
Re: Windows Active Directory Domains Jul 09 2014 02:21PM
Kurt Buff (kurt buff gmail com) (1 replies)
RE: Windows Active Directory Domains Jul 14 2014 02:12PM
Mikhail A. Utin (mutin commonwealthcare org)
RE: Windows Active Directory Domains Jul 09 2014 02:18PM
Michael Sturtz (Michael Sturtz PACCAR com)
RE: Windows Active Directory Domains Jul 09 2014 02:02PM
Chris Wessells (cwessells metasource com)
There separate technologies mentioned.

1. Authentication
2. Network segmentation

Active directory is a hierarchy of objects you can "do" stuff with. You can apply policies to affect client machines. You can create groupings of objects to centralize configuration. The relationships are hierarchical. If the account details contained in an OU (Folder) are wished to be kept private, then make a different OU parallel to the existing OU.

Then you can restrict the user's ability to search specific OUs: "Anyone in OU=Company, has a search base of OU=Company." They will never see the OU=HR.

HR
-User
-Computer
Company
-User
-Computer

With forethought and design, there isn't a reason to have the two servers in the forest for this scenario. Additionally the firewall segmentation isn't necessary either. Using NTFS file share permissions will keep users out of sensitive data. Now there are many variables and 100 different ways to solve any IT problem so by all means this is not the only solution. Good luck, AD is a powerful tool that can help control an environment.

Best Regards,
Chris Wessells

Chris Wessells | Sr. Network & Systems Engineer
MetaSource, LLC | 12894 Pony Express Road, Suite 700 | Draper, UT 84020-8334
office 801 984-6606 | mobile 385 202 3735 | cwessells (at) metasource (dot) com [email concealed]

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of joeb1kenobe (at) gmail (dot) com [email concealed]
Sent: Tuesday, July 8, 2014 2:48 PM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Windows Active Directory Domains

I have a scenario where I am trying to evaluate the security benefits of an Active Directory domain structure.

We will call the company XYX Inc. They have an AD Forest/Domain for general users. They also have a separate AD Forest/Domain for their HR Users that is behind a firewall.

The claim is that the separate forests with a one way trust provides the necessary security to protect the HR Information.

My thinking is that having the users/servers in the same forest would provide additional benefit of ease of use for the technical team. Using the already existing firewall, separate the servers behind the firewall for the needed protection of HR files.

Before I make a recommendation of one way or the other, I wanted to elicit the ideas of others who may have seen similar situations.

Thanks

Joe Brown

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

________________________________

NOTICE:
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended only for the use of the Individual (s) named above. If you are not the intended recipient of this e-mail, or the employee or agent responsible for delivering this to the intended recipient, you are hereby notified that any dissemination or copying of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately notify us by telephone at 215-788-8885 or notify us by e-mail at legal (at) metasource (dot) com. [email concealed] Also, please mail a hardcopy of the e-mail to MetaSource at 1900 Frost Road, Suite 100, Bristol, PA 19007 via the U.S. Postal Service. We will reimburse you for all expenses incurred.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: Windows Active Directory Domains Jul 09 2014 01:55PM
Will Boling (will willboling com) (1 replies)
RE: Windows Active Directory Domains Jul 09 2014 04:56PM
Ocala Website Designs LLC (webmaster ocaladesigns com)


 

Privacy Statement
Copyright 2010, SecurityFocus