Security Basics mailing list archives
Re: Microsoft Active Directory security concerns
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Tue, 13 Jun 2006 10:57:01 -0700
Using AD for external users is NOT a good idea. If you have to use AD, see AD Federation Services: http://www.microsoft.com/downloads/details.aspx?familyid=8A4CCAF1-D55E-4129-8A5F-97093A48FD3D&displaylang=en On 6/13/06, DHegenbarth () wrberkley com <DHegenbarth () wrberkley com> wrote:
All, I have spent most of my time in network security and IDS/IPS technology so I'm fairly new to security pertaining to MS Active Directory. We are being asked to evaluate web portal authentication/authorization for users, most of whom are not employees of our company. Our NT group wants to add / maintain users in an "external OU", in an existing domain, under our existing AD forest. I think this is a bad idea but I am not versed enough in AD to argue the point. Are there glaring issues with this strategy? My concern is that if someone were to gain access to AD they might not only effect external applications but internal production as well. Are "external OU's" that secure? Are there more secure authentication schemes? Any thoughts would be greatly appreciated. Dave
-- Saqib Ali, CISSP, ISSAP Support http://www.capital-punishment.net ----------- "I fear, if I rebel against my Lord, the retribution of an Awful Day (The Day of Resurrection)" Al-Quran 6:15 -----------
Current thread:
- Microsoft Active Directory security concerns DHegenbarth (Jun 13)
- Re: Microsoft Active Directory security concerns Saqib Ali (Jun 13)
- RE: Microsoft Active Directory security concerns Jason Dinsdale (Jun 27)
- <Possible follow-ups>
- re: Microsoft Active Directory security concerns T Dog (Jun 13)
- RE: Microsoft Active Directory security concerns Robertson, Seth (JSC-IM) (Jun 13)
- RE: Microsoft Active Directory security concerns Ramsdell, Scott (Jun 13)
- RE: Microsoft Active Directory security concerns Depp, Dennis M. (Jun 14)
- Re: re: Microsoft Active Directory security concerns adam . dawson (Jun 14)
- Re: Microsoft Active Directory security concerns simonis (Jun 15)