Hello
Imagine the following scenario, you have an internal W2K3 forest and an external W2K3 forest on the DMZ. Management wish to create one-way trust between the two forests so the DMZ forest trusts the internal forest for an application.
I have read that this is obviously possible but not recommended and cannot find out why. Does anyone know what the exact security issues or exploits could be? Assume we have a firewall with the rules configured to only allow trust traffic through.
Regards
David
Where are you pulling the "not recommended" from?
The issues are not typically technical, but rather procedural once you get past the, "yes, but if it's a DMZ, should internal users have direct access?" questions. :)
One other thing to point out: the users will also have to have direct access to the application. From a network perspective, that's often seen as an issue because the firewall is then configured for any -->DMZ host. That really does defeat the purpose of a DMZ in most cases.
My added $0.04 anyway.
-ajm
On 8/25/06, Wyatt, David <[EMAIL PROTECTED]> wrote: