Re: AD in DMZ

  • From: "Deus, Attonbitus" <Thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2003 12:41:53 -0700

At 12:24 PM 7/10/2003, you wrote:

Correct, Transitive Trusts cannot be changed. Just about the only way you can create safe separation between domains that live in the same forest is to have your public DMZ domain live and breathe on a separate IP segment separated by a router; this way you could target port-specific services and filter out the rest. That would be one heck of a master plan though, not one I would even conceive of doing. I can't think of a reason why this configuration is needed.


I would contend that there is no such thing as a "safe separation between domains in the same forest." They would still need to update the schema, which means they would still be vulnerable to privilege escalation attacks...

t


