Security Basics: AD across both DMZ & LAN

AD across both DMZ & LAN

From: Leon North <leon_nc_at_linuxmail.org>
Date: Tue, 01 Mar 2005 15:20:07 +0000

Hi,

We currently have an NT4 domain in the DMZ and an unrelated NT4 domain internally. The DMZ domain contains a server running Citrix, and is used for internet web browsing/email, so that we only have to allow the Citrix connection through the FW to the LAN, and no internal users can directly access the internet from their PCs.

As part of an upgrade to Active Directory (both domains Win2k3), we would like to get the DMZ to trust the internal domain, so that we only have one set of user accounts to manage. But I am not sure about a couple of things with this setup-

1. Will this work like this, so that we only need 1 user account per user instead of a separate one externally and internally? (excuse the vagueness of the question)

2. If so, is that (not ideal I know but) an acceptable approach security wise, when the DMZ DC can access the accounts on the internal domain?

3. Can we configure it somehow so that the user gets a different profile when logging in to the DMZ only? I ask that because one potential issue I see is getting a virus infection into user profile while logged into the DMZ, then logging into an internal server.

Thanks for any help.

Leon

Received on Mar 01 2005
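As an added example (not part of Leon's post or any reply on the list), this is the shape of the trust the post describes, built with the Windows Server 2003 support tools netdom and dsacls: the DMZ domain is the trusting domain and the internal domain is the trusted one, so internal accounts can log on to the Citrix server while nothing in the DMZ is trusted by the LAN. The domain names, server name, group name and account names are hypothetical placeholders.

```batch
@echo off
REM Added example, not from the original post. Names below are hypothetical.
REM Run from a command prompt on a DMZ domain controller with the
REM Windows Server 2003 support tools installed (netdom, dsacls).

set DMZ=dmz.example.com
set CORP=corp.example.com

REM -- Weak setting (for contrast, left commented out): a two-way trust would
REM    also let DMZ principals, including a compromised DMZ DC, authenticate
REM    to LAN resources.
REM netdom trust %DMZ% /Domain:%CORP% /Add /Twoway ...

REM -- One-way external trust: DMZ (trusting) trusts CORP (trusted).
REM    No account database is replicated to the DMZ; DMZ DCs forward logons
REM    for CORP accounts to CORP DCs over the trust's secure channel.
netdom trust %DMZ% /Domain:%CORP% /Add ^
    /UserD:CORP\trustadmin /PasswordD:* ^
    /UserO:DMZ\trustadmin  /PasswordO:*

REM SID filtering ("quarantine") on the DMZ side: SIDs in a CORP user's token
REM that were not issued by CORP are dropped before DMZ resources are accessed.
REM New external trusts on Windows Server 2003 get this by default; set it
REM explicitly so it survives an admin "fixing" it later.
netdom trust %DMZ% /Domain:%CORP% /Quarantine:Yes

REM Selective authentication: CORP users can authenticate to a DMZ computer
REM only if they hold "Allowed to Authenticate" on that computer object,
REM rather than being treated like "Authenticated Users" DMZ-wide.
netdom trust %DMZ% /Domain:%CORP% /SelectiveAUTH:Yes

REM Grant only the intended group, and only on the Citrix server object.
dsacls "CN=CITRIX01,OU=Servers,DC=dmz,DC=example,DC=com" ^
    /G "CORP\Citrix-Users:CA;Allowed to Authenticate"

REM Check the secure channel and list the trust to confirm its direction.
netdom trust %DMZ% /Domain:%CORP% /Verify
netdom query /Domain:%DMZ% TRUST
```

Two caveats that follow from this layout. First, the trust needs DMZ DCs to reach internal DCs for DNS, Kerberos, LDAP, RPC and SMB, which is a much wider firewall opening than the single Citrix connection the post currently allows; restrict it to the DC-to-DC pair rather than to the whole DMZ. Second, the profile concern in question 3 is handled separately from the trust: Terminal Services sessions (which is what the Citrix server runs) use the user's Terminal Services profile path, or the "Set path for TS Roaming Profiles" computer policy applied to the Citrix server, so the DMZ session profile can live on a DMZ share and never be loaded on an internal server.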