Re: A theory on Domain membership.

  • From: "Jim Harrison" <jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 29 Nov 2001 12:37:37 -0800

Inline...

Jim Harrison
MCP(NT4, 2K), A+, Network+, PCG
http://isaserver.org/authors/harrison/

----- Original Message -----
From: "Iain Peirse" <Iain.Peirse@xxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, November 29, 2001 01:17
Subject: [isalist] A theory on Domain membership.


Here's one (apologies if I'm behind the times):

Imagine an ISA server setup, for simplicity a single ISA server
publishing services to/from a private LAN. The internal Windows 2000
domain includes every server as a member _except_ ISA. ISA has its own
domain.
There's a one-way trust between the W2K domain and the ISA domain. ISA
trusts W2K, W2K doesn't trust ISA.

My theory is that if the ISA server is compromised, it has no rights
over the main W2K domain.

My questions:
Do you believe this logic is correct?
* Yes, it is.
Will it work?
* Yes, it does (built several)
Is it worth it? (i.e., if the ISA were compromised in this situation, would
it be any different from if ISA were a member of the main domain?)
* Absolutely!  Given the choice, it's better to lose your edge domain than
the one that everyone depends on.
Has anyone got a similar working setup?

vbr,
Iain.
