[isapros] Re: TMG - Separate Forest?
- From: Jason Jones <Jason.Jones@xxxxxxxxxxxxxxxxx>
- To: "isapros@xxxxxxxxxxxxx" <isapros@xxxxxxxxxxxxx>
- Date: Mon, 12 May 2008 15:01:22 +0100
Thanks for the clarification Jim...
Does the following KB http://support.microsoft.com/kb/942637/ fix the KCD
issue, or this just for multiple domains in a single forest? If so, lack of KCD
would be enough to put me off as this feature is great :)
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Jim Harrison
Sent: 12 May 2008 14:21
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: TMG - Separate Forest?
Actually, that "old-school approach" does limit the threat of exposure for your
internal forest. It's not about "if ISA gets compromised" as much as "if an
account is compromised".
If you have the skill and means to build that and can tolerate the limits it
imposes (no KCD from the edge), then this is a good recommendation.
What isn't stated is that this can be one part of a layered ISA deployment.
FWIW, MSIT deploys ISA / TNG at the edge in the same forest as the user
accounts.
Jim
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Jason Jones
Sent: Monday, May 12, 2008 1:13 AM
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] TMG - Separate Forest?
Just noticed this in the current TMG documentation...disappointed this old
school approach is still recommended :-(
"At the edge, you can install Forefront TMG as a domain member or in workgroup
mode. As a domain member, we recommend that you install Forefront TMG in a
separate forest (rather than in the internal forest of your corporate network),
with a one-way trust to the corporate forest. This may help the internal forest
from being compromised, even if an attack is mounted on the forest of the
Forefront TMG computer. There are some limitations with this deployment. For
example, you can configure client certificate authentication only for users
defined in the Forefront TMG domain, and not for users in the corporate
internal domain or forest."
You guys spent much time looking at TMG yet?
JJ
________________________________
This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom it is addressed. If you have
received this email in error, or if you believe this email is unsolicited and
wish to be removed from any future mailings, please contact our Support Desk
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
If this email contains a quotation then unless otherwise stated it is valid for
7 days and offered subject to Silversands Professional Services Terms and
Conditions, a copy of which is available on request. Any pricing information,
design information or information concerning specific Silversands' staff
contained in this email is considered confidential or of commercial interest
and exempt from the Freedom of Information Act 2000.
Any view or opinions presented are solely those of the author and do not
necessarily represent those of Silversands
Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.
This email and any files transmitted with it are confidential and intended
solely for the use of the individual to whom it is addressed. If you have
received this email in error, or if you believe this email is unsolicited and
wish to be removed from any future mailings, please contact our Support Desk
immediately on 01202 360360 or email helpdesk@xxxxxxxxxxxxxxxxx
If this email contains a quotation then unless otherwise stated it is valid for
7 days and offered subject to Silversands Professional Services Terms and
Conditions, a copy of which is available on request. Any pricing information,
design information or information concerning specific Silversands' staff
contained in this email is considered confidential or of commercial interest
and exempt from the Freedom of Information Act 2000.
Any view or opinions presented are solely those of the author and do not
necessarily represent those of Silversands
Silversands Limited, 3 Albany Park, Cabot Lane, Poole, BH17 7BX.
Company Registration Number : 2141393.
- References:
- [isapros] TMG - Separate Forest?
- From: Jason Jones
- [isapros] Re: TMG - Separate Forest?
- From: Jim Harrison
Other related posts:
- » [isapros] TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- » [isapros] Re: TMG - Separate Forest?
- [isapros] TMG - Separate Forest?
- From: Jason Jones
- [isapros] Re: TMG - Separate Forest?
- From: Jim Harrison