Subdomain security
Dec 15 2004 11:24PM Oren Held (oren held org il) (1 replies)
Hello,
I have to install a *secure* Windows domain inside an insecure network.
This means that my domain will be behind a firewall of course.
Now, I've got two possibilities for the domain configuration:
Option 1: My domain would actually be a subdomain inside the insecure
forest.
Option 2: Create a totally new forest.
So, surely option #2 is more secure, but the management pushes for
choosing option #1. So.. a few questions about option #1:
a. Which ports should be opened by the firewall in order for the
subdomain to function well but be the most secure? Any references?
b. Does an admin (a member of the Enterprise Admin group) from the
root-domain have access to my subdomain? Can I prevent it at all?
c. Do you know any networks that implement option #1 with a firewall and
think they're quite secure from the other domains, or is it a totally
twisted idea?
Thanks a lot people,
- Oren