I am currently involved in a migration project where a number of NT4
domains are to be migrated into an enterprise-wide Active Directory
forest comprising numerous domains. There is no 'IT Department' which
has jurisdiction over all the domains so a huge variation of security
standards is experienced.
To counter the risks posed by the less secure areas, the organisation
I work for has placed firewalls at our interfaces with the other
sections of the enterprise. These firewalls will have to be weakened
or removed completely to facilitate the proposed migration and I am
concerned that this may open the network up to security problems
experienced in the areas with less emphasis on security.
Does anyone have any experience of such a situation? Is it as bad as
I fear, or is Microsoft A/D secure? Are there are documented cases of
this type of migration going wrong due to security being overlooked?
For example, could a compromised workstation in a remote site affect
the workstations or servers in another domain? If so, what can be
done to limit the exposure?
Are there any other things to avoid or to be aware of?
I am currently involved in a migration project where a number of NT4
domains are to be migrated into an enterprise-wide Active Directory
forest comprising numerous domains. There is no 'IT Department' which
has jurisdiction over all the domains so a huge variation of security
standards is experienced.
To counter the risks posed by the less secure areas, the organisation
I work for has placed firewalls at our interfaces with the other
sections of the enterprise. These firewalls will have to be weakened
or removed completely to facilitate the proposed migration and I am
concerned that this may open the network up to security problems
experienced in the areas with less emphasis on security.
Does anyone have any experience of such a situation? Is it as bad as
I fear, or is Microsoft A/D secure? Are there are documented cases of
this type of migration going wrong due to security being overlooked?
For example, could a compromised workstation in a remote site affect
the workstations or servers in another domain? If so, what can be
done to limit the exposure?
Are there any other things to avoid or to be aware of?
Any help will be gratefully received.
Thanks
Regards
Richard
[ reply ]