Security Basics mailing list archives

Microsoft Active Directory security concerns

From: DHegenbarth () wrberkley com
Date: Tue, 13 Jun 2006 12:05:56 -0400

All,

I have spent most of my time in network security and IDS/IPS technology so 
I'm fairly new to security pertaining to MS Active Directory.  We are 
being asked to evaluate web portal authentication/authorization for users, 
most of whom are not employees of our company.  Our NT group wants to add 
/ maintain users in an "external OU", in an existing domain, under our 
existing AD forest.  I think this is a bad idea but I am not versed enough 
in AD to argue the point.  Are there glaring issues with this strategy? My 
concern is that if someone were to gain access to AD they might not only 
effect external applications but internal production as well.

Are "external OU's" that secure?  Are there more secure authentication 
schemes?


Any thoughts would be greatly appreciated.



Dave

Current thread:

Microsoft Active Directory security concerns DHegenbarth (Jun 13)
- Re: Microsoft Active Directory security concerns Saqib Ali (Jun 13)
- RE: Microsoft Active Directory security concerns Jason Dinsdale (Jun 27)
- <Possible follow-ups>
- re: Microsoft Active Directory security concerns T Dog (Jun 13)
- RE: Microsoft Active Directory security concerns Robertson, Seth (JSC-IM) (Jun 13)
- RE: Microsoft Active Directory security concerns Ramsdell, Scott (Jun 13)
  - RE: Microsoft Active Directory security concerns Depp, Dennis M. (Jun 14)
- Re: re: Microsoft Active Directory security concerns adam . dawson (Jun 14)
- Re: Microsoft Active Directory security concerns simonis (Jun 15)