Re: Active Directory in DMZ - security
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Mon, 4 Jun 2007 20:04:27 +0100
Hi
Probably because DCs shouldn't be placed on the DMZ. But if you want to take the risk, and because the only purpose is to serve DMZ servers, the best that I can think of at the moment is to use IPSec to restrict communications only between the DC and the servers that need AD access. Don't forget to closely monitor those servers and define actions in case of security risk or failure. Also have a look at:
http://www.microsoft.com/security/default.mspx
http://www.microsoft.com/technet/security/tools/mbsa1/wp.mspx
http://www.microsoft.com/technet/network/ipsec/default.mspx
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MCSE, MVP Directory Services
"Missy Isaacson" <misaacs@xxxxxxxx> wrote in message news:OvrLp2spHHA.2044@xxxxxxxxxxxxxxxxxxxxxxx
We are in the process of implementing a Win2K3 Active Directory forest
(separate from our internal forest with no trusts) in our DMZ strictly for
the purpose of managing security across the 50+ servers currently in the
DMZ. I have found plenty of documentation related to securing domain
controllers, but I am not finding much specific to domain controllers in the
DMZ. I'm sure there must be additional things I should/could do to these
servers.
Any information about this would be appreciated.