Our corporate network connects to the offices of several thousand independent retailers who sell our product. All our internal servers, workstations, and employee accounts are part of our CORP domain, and our retailers' workstations, servers, and user accounts are in our RETAIL domain. No trust relationship exists between the domains; we update orders and availability with servers in RETAIL through manual file transfers. Could a malicious user in our RETAIL domain still attack our network?

Without a trust relationship, no user account in RETAIL can access any computer in CORP. However, your configuration doesn't prevent someone with access to a workstation at one of your retailers from attacking computers in CORP. For example, an attacker could guess the password of a CORP user account, such as the Administrator account. The lack of a trust relationship doesn't prevent someone from connecting to a shared folder in another domain by using an account in that domain; the intruder simply uses the Connect using a different user name option in the Map Network Drive dialog box. Also, unless all your internal servers and workstations are hardened like Web servers on the Internet, an attacker could launch Denial of Service (DoS) attacks or release Internet worms. The problem is a matter of network access rather than domain configuration. If you can send a packet from computer A to computer B, you can attack computer B regardless of domains. The solution is to implement a firewall or other control between an internal network and any untrusted network. You have several implementation options that don't require you to redesign your entire network.
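The answer above locates the exposure in packet reachability rather than in domain trust. The sketch below is an added example, not code from the original column: it evaluates a first-match filter between the two networks and lists which RETAIL-to-CORP flows get through, once for an unfiltered link and once for a default-deny policy. The subnets, host addresses, the use of SFTP on port 22 for the file transfers, and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption): CORP and RETAIL are separate subnets.
CORP = ipaddress.ip_network("10.10.0.0/16")
RETAIL = ipaddress.ip_network("10.20.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rule format: (action, source net, destination net, destination TCP port or None for any).
# Domain membership and trust never appear here; the filter only sees addresses and ports.
FLAT = [("allow", ANY, ANY, None)]  # routed link with no filtering
SEGMENTED = [
    # Assumed transfer path: one CORP host pushes order/availability files to one RETAIL server.
    ("allow", ipaddress.ip_network("10.10.5.20/32"),
     ipaddress.ip_network("10.20.0.10/32"), 22),
    ("deny", RETAIL, CORP, None),  # nothing initiated from RETAIL reaches CORP
    ("deny", ANY, ANY, None),      # default deny for everything else
]

# Constructed probe flows: (label, source, destination, destination port).
PROBES = [
    ("retail PC -> CORP file server SMB", "10.20.3.44", "10.10.5.30", 445),
    ("retail PC -> CORP DC RPC", "10.20.3.44", "10.10.1.5", 135),
    ("retail PC -> CORP workstation RDP", "10.20.3.44", "10.10.40.7", 3389),
    ("CORP transfer host -> RETAIL server SFTP", "10.10.5.20", "10.20.0.10", 22),
]

def decide(rules, src, dst, port):
    """First matching rule wins; a flow that matches no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_port in rules:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

def retail_to_corp_exposure(rules, probes=PROBES):
    """Labels of probe flows from RETAIL into CORP that the rule set lets through."""
    return [label for label, src, dst, port in probes
            if ipaddress.ip_address(src) in RETAIL
            and ipaddress.ip_address(dst) in CORP
            and decide(rules, src, dst, port) == "allow"]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, "->", retail_to_corp_exposure(rules) or "no RETAIL-to-CORP path")
```

The model treats rules as applying to connection initiation and assumes the filter is stateful, so replies to the permitted CORP-initiated transfer are not evaluated as new RETAIL-to-CORP flows.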