A theory on Domain membership.

• From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 29 Nov 2001 09:17:04 -0000

Heres one (apologies if I'm behind the times):

Imagine an ISA server setup, for simplicity a single ISA server
publishing services to/from a private LAN. The internal Windows 2000
domain includes every server as a member _except_ ISA. ISA has its own
domain.
Theres a one way trust between the W2K domain and the ISA domain. ISA
trusts W2K, W2K doesnt trust ISA.

My theory is that if the ISA server is compromised that it has no rights
over the main W2K domain.

My questions:
Do you believe this logic is correct?
Will it work?
Is it worth it? (ie. If the ISA were compromised in this situation would
it be any different to if ISA were a member of the main domain?)
Has anyone got a similar working setup?

vbr,
Iain.

• » A theory on Domain membership.
• » Re: A theory on Domain membership.

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription