There are also degrees of difference depending on whether you're talking about an AD domain or a WinNT domain. In AD the forest itself is your security boundary.
"Although a domain is in fact a security boundary when considering the management aspects of Active Directory, it does not provide complete isolation in the face of possible attacks by service administrators who maliciously modify the behavior of the system." -from <http://www.microsoft.com/windows2000/docs/addeladmin.doc> > -----Original Message----- > From: Erik Sojka [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 10:19 AM > To: MS-Exchange Admin Issues > Subject: RE: domain > > > That's a wide open question. Are you talking for an internal > network or just for a DMZ deployment? > > A box in the DMZ should be in its own separate thing (domain > or WG, doesn't matter which). If that box gets compromised, > then the damage is only limited to that box. The attacker > doesn't also get access to the production domain or any other > DMZ boxes. > > -----Original Message----- > From: MHR(Michael Ross) [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, July 30, 2002 11:17 AM > To: MS-Exchange Admin Issues > Subject: domain > > > Can anyone settle a bet? > > I have a coworker who is saying a workgroup is more > secure than a domain, I say its the otherway around. > He is also betting me that any servers setup in your > DMZ should be setup in workgoups and not domains... > List Charter and FAQ at: > http://www.sunbelt-software.com/exchange_list_charter.htm > > > List Charter and FAQ at: > http://www.sunbelt-> software.com/exchange_list_charter.htm > > List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
