Educause Security Discussion mailing list archives
Externally administered servers in domain - policies and procedures for joining
From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 9 Jun 2009 14:56:30 -0400
Hi,

Our IT administered Windows servers are in an IT administered domain but departmental servers are either not in a domain at all, are in separate and isolated departmental domains, or in domains where a forest trust exists.

We've been requested to consider joining some of the departmental administered web servers into our IT domain in separate OUs. I was at first reluctant to put externally administered servers in our domain but then realized all our domain joined desktops are in our domain. How much worse could a server be? :) Granted, the servers are internet exposed but how much risk does that pose to the domain?

I see advantages and disadvantages.

Advantages: Ability to leverage central IT patching, inventory, and monitoring services to better protect the server.

Disadvantages: Having an externally administered, internet exposed server joined to the same domain as our critical data center systems.

The other thing I was wondering about was an appropriate process for the migration. How much effort should be expended in verifying the integrity of the server before joining it to the central domain?

Full forensics analysis?
Cursory event log and network traffic analysis?
Malware and rootkit detection tools?
Recent patches and AV definitions?

Do you have externally administered servers in the same domain as data center systems?

Are your desktops in the same domain as your sensitive servers?

What type of policies and procedures do you apply before allowing a device to join a domain?

thanks for any enlightenment,

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security