Re: Microsoft Active Directory security concerns

["Saqib Ali" <docbook.xml () gmail com>]

Using AD for external users is NOT a good idea. If you have to use AD,
see AD Federation Services:
http://www.microsoft.com/downloads/details.aspx?familyid=8A4CCAF1-D55E-4129-8A5F-97093A48FD3D&displaylang=en


On 6/13/06, DHegenbarth () wrberkley com <DHegenbarth () wrberkley com> wrote:
> All,
>
> I have spent most of my time in network security and IDS/IPS technology so
> I'm fairly new to security pertaining to MS Active Directory.  We are
> being asked to evaluate web portal authentication/authorization for users,
> most of whom are not employees of our company.  Our NT group wants to add
> / maintain users in an "external OU", in an existing domain, under our
> existing AD forest.  I think this is a bad idea but I am not versed enough
> in AD to argue the point.  Are there glaring issues with this strategy? My
> concern is that if someone were to gain access to AD they might not only
> effect external applications but internal production as well.
>
> Are "external OU's" that secure?  Are there more secure authentication
> schemes?
>
>
> Any thoughts would be greatly appreciated.
>
>
>
> Dave


--
Saqib Ali, CISSP, ISSAP
Support http://www.capital-punishment.net
-----------
"I fear, if I rebel against my Lord, the retribution of an Awful Day
(The Day of Resurrection)" Al-Quran 6:15
-----------