Security Basics mailing list archives

RE: Windows Active Directory Domains


From: Chris Wessells <cwessells () metasource com>
Date: Wed, 9 Jul 2014 14:02:31 +0000

There are separate technologies mentioned.

1. Authentication
2. Network segmentation

Active Directory is a hierarchy of objects you can "do" stuff with.  You can apply policies to affect client machines.  
You can create groupings of objects to centralize configuration.  The relationships are hierarchical.  If the account 
details contained in an OU (Folder) are wished to be kept private, then make a different OU parallel to the existing OU.

Then you can restrict the user's ability to search specific OUs: "Anyone in OU=Company, has a search base of 
OU=Company."  They will never see the OU=HR.

HR
-User
-Computer
Company
-User
-Computer

With forethought and design, there isn't a reason to have the two servers in the forest for this scenario.  
Additionally the firewall segmentation isn't necessary either.  Using NTFS file share permissions will keep users out 
of sensitive data.  Now there are many variables and 100 different ways to solve any IT problem so by all means this is 
not the only solution.  Good luck, AD is a powerful tool that can help control an environment.

Best Regards,
Chris Wessells

Chris Wessells | Sr. Network & Systems Engineer
MetaSource, LLC | 12894 Pony Express Road, Suite 700 | Draper, UT  84020-8334
office 801 984-6606 | mobile 385 202 3735 | cwessells () metasource com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of joeb1kenobe () gmail com
Sent: Tuesday, July 8, 2014 2:48 PM
To: security-basics () securityfocus com
Subject: Windows Active Directory Domains

I have a scenario where I am trying to evaluate the security benefits of an Active Directory domain structure.

We will call the company XYX Inc. They have an AD Forest/Domain for general users. They also have a separate AD 
Forest/Domain for their HR Users that is behind a firewall.

The claim is that the separate forests with a one way trust provides the necessary security to protect the HR 
Information.

My thinking is that having the users/servers in the same forest would provide additional benefit of ease of use for the 
technical team. Using the already existing firewall, separate the servers behind the firewall for the needed protection 
of HR files.

Before I make a recommendation of one way or the other, I wanted to elicit the ideas of others who may have seen 
similar situations.

Thanks

Joe Brown
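
Added example, not part of either message: a PowerShell check of the two controls the reply relies on, read access on a separate HR OU and NTFS permissions on the HR share, listing Allow entries granted to broad groups. It assumes the RSAT ActiveDirectory module; the DN, the share path, the group pattern and the function name Get-BroadReadAce are placeholders chosen for illustration.

```powershell
# Added example: find Allow ACEs that let broad groups read the HR OU or HR share.
Import-Module ActiveDirectory   # RSAT module; provides the AD: drive

# Placeholders (assumptions, not values from the thread)
$HrOuDn  = 'OU=HR,DC=example,DC=com'
$HrShare = '\\fileserver\HR'

# Principals that include general users (English names; adjust for the domain)
$BroadPattern = 'Everyone$|Authenticated Users$|\\Domain Users$|^BUILTIN\\Users$'

# Directory rights that reveal that child objects exist or expose their attributes
$AdRead = [int]([System.DirectoryServices.ActiveDirectoryRights]::ListChildren -bor
                [System.DirectoryServices.ActiveDirectoryRights]::ListObject -bor
                [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty)

# File right that allows listing a folder or reading file contents
$FsRead = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Get-BroadReadAce {
    param(
        [string]$Path,            # provider path, e.g. AD:\OU=... or a UNC path
        [string]$RightsProperty,  # ActiveDirectoryRights or FileSystemRights
        [int]$Mask                # rights bits that count as "can read"
    )
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -match $BroadPattern -and
            ([int]$_.$RightsProperty -band $Mask) -ne 0
        } |
        Select-Object @{ n = 'Path';   e = { $Path } },
                      IdentityReference,
                      @{ n = 'Rights'; e = { $_.$RightsProperty } },
                      IsInherited
}

# Collect findings for both the directory object and the file share
$findings = @()
$findings += Get-BroadReadAce -Path "AD:\$HrOuDn" -RightsProperty ActiveDirectoryRights -Mask $AdRead
$findings += Get-BroadReadAce -Path $HrShare      -RightsProperty FileSystemRights      -Mask $FsRead

if ($findings.Count -eq 0) {
    'No broad read access found on the HR OU or the HR share.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Entries with IsInherited set to True come from a parent container or folder, so they are changed at the parent or by breaking inheritance on the HR object.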
