Auditing DNS Record Entries (or deletions)

I got an unusual request from a customer today.  She is in an environment where everyone is currently a domain admin (not a good thing).  Although they are taking my advice and moving to a least privileged scenario, things are sometimes slow in federations.  In any event, she suspects that other administrators are deleting DNS…

How does Authentication Work Cross Domain?

A question that comes up frequently with federated customers is how an organization needs to configure its firewalls to allow users in a trusted, but not fully trusted, domain to access its resources.  Consider the following scenario: [WEB RESOURCE]—|—FIREWALL—WAN—FIREWALL—|—[USER 2][DOMAIN CTRL A]–|                               |—[DOMAIN CTRL B] User 2 wants to access a web resource in…

Active Directory LDAP Queries

Active Directory Users and Computers (2003 version) provides a feature called Saved Queries that takes advantage of LDAP queries to find objects in Active Directory that might meet a specific condition.  When I am working with customers, I am often surprised how little use this feature gets, particularly when customers come to me with concerns…

Political Forest and Domain Design

In my work with a large number of federated customers, the unavoidable component of Active Directory design is the age-old question of “How many forests do I need?”  This is simple to define, but challenging to discuss in the board room.  There are three types of forests: enterprise forests, resource forests, and isolated forests.  Every…

ADC Lessons Learned the Hard Way

What happens when a federation, each with its own domain, separated by firewalls within a single forest, attempts to implement the Active Directory Connector in a federated fashion?  The perception was that this deployment model would be more secure, because each department could control their instance of the ADC and firewalls could be left in…

Security Misunderstandings in Federations

What does it mean to have a secure environment?  Is it proper authentication and access controls?  Freedom from viruses and worms?  Availability?  Acceptable disaster recovery?  Freedom from human error?  Data integrity?  I would argue, and I would assume most would agree, that security is all of these things. Why is it then, that federations focus…

The Federation Firewall Boundary

As a specialist by trade in both technology and financial audit, internal control structures and security play an important role in the work that I do.  I came across Steve Riley’s Death of the DMZ over broadband the other day and his thesis really hit home with one who deals in political federations.  For years,…
