Focus on Microsoft
RE: Domain Controller Best Practice - Thanks! Feb 24 2005 09:00PM
Murtland, Jerry (MurtlandJ Grangeinsurance com) (3 replies)
RE: Domain Controller Best Practice - Thanks! Mar 02 2005 10:53PM
Adam Vaxvick (avaxvick sunwaptasolutions com)
RE: Domain Controller Best Practice - Thanks! Feb 27 2005 03:59AM
Frank Knobbe (frank knobbe us)
On Thu, 2005-02-24 at 16:00 -0500, Murtland, Jerry wrote:
> I don't think I've heard anyone say that "you are not creating a real
> security risk by allowing your DC to also function as a file server". In
> fact you are. All user authentication is occurring on this system. User
> ID's and Passwords for your entire organization are stored here in the SAM
> file. I would consider this a substantial risk to any IT infrastructure.

But you wouldn't be sharing the "SAM file" now, would you?

Aside from availability/load issues, what security risks are really
present? You have a Domain Controller in your network. Network
authentication is possible/exposed one way or another. On the other
hand, you have a simple file server serving files via a share point. Why
can't the domain controller also be sharing files? (Again, focus on
security, not availability concerns. For this example, assume that the host
has oodles of CPU power and bandwidth, and the share is located on a
separate drive from the AD data.)

Could you please outline some attack vectors that you would not have on
a layout using two servers (one for authentication and one for file
sharing)? Remember, we're talking access to file shares, not local logon
access.

Thanks in advance,
Frank

Re: Domain Controller Best Practice - Thanks! Feb 25 2005 09:04PM
Tim Evans (tim evans gmail com)







 

Copyright 2009, SecurityFocus