MSDN Blogs

Security

Security is always a driving force in the unraveling of federations. Since it is an important topic, I try to point out the types of issues that represent true security problems versus a mere misunderstanding of threat models.

Auditing DNS Record Entries (or deletions)

I got an unusual request from a customer today. She is in an environment where everyone is currently a domain admin (not a good thing). Although they are taking my advice and moving to a least privileged scenario, things are sometimes slow in federations.
Posted by anthonw | 0 Comments

How does Authentication Work Cross Domain?

A question that comes up frequently involving federated customers is how does an organization need to configure its firewalls to allow users in a trusted, but not fully trusted, domain to access their resources. Consider the following scenario: [WEB RESOURCE]---|---FIREWALL---WAN---FIREWALL---|---[USER
Posted by anthonw | 3 Comments

Active Directory LDAP Queries

Active Directory Users and Computers (2003 version) provides a feature called Saved Queries that takes advantage of LDAP queries to find objects in Active Directory that might meet a specific condition. When I am working with customers, I am often surprised
Posted by anthonw | 1 Comments

Political Forest and Domain Design

In my work with a large number of federated customers, the unavoidable component of Active Directory design is the age-old question of "How many forests do I need?" This is simple to define, but challenging to discuss in the board room. There are three
Posted by anthonw | 2 Comments

ADC Lessons Learned the Hard Way

What happens when a federation, each with its own domain, separated by firewalls within a single forest, attempts to implement the Active Directory Connector in a federated fashion? The perception was that this deployment model would be more secure, because
Posted by anthonw | 0 Comments

Security Misunderstandings in Federations

What does it mean to have a secure environment? Is it proper authentication and access controls? Freedom from viruses and worms? Availability? Acceptable disaster recovery? Freedom from human error? Data integrity? I would argue, and I would assume most
Posted by anthonw | 3 Comments

The Federation Firewall Boundary

As a specialist by trade in both technology and financial audit, internal control structures and security play an important role in the work that I do. I came across Steve Riley's Death of the DMZ over broadband the other day and his thesis really hit
Posted by anthonw | 2 Comments