> 1. In the scenario described, the Domain Controllers that the Firewall
> can defer authentication to are inside the Firewall, so any attempts at
> getting either between the Firewall and the DCs requires a breach in the
> Firewall first.
1. Not all breaches are equal. It's easier to slip a trojan in
(possibly using Java or ActiveX) that diddles a password
than it is to slip something in that can establish a hole
big enough for interactive browsing and other shenanigans.
2. There are social issues as well: tricking someone into messing
up the domain security is going to be easier than getting
them to do something on the firewall. And it's more likely
that someone will be sloppy in internal domain administration
than on the firewall.
This is related to my objection to ActiveX: it's more likely
that one of a hundred vendors will make a mistake than one of
two. My experiences with UNIX security holes lead me to this
conclusion: the more people you have responsible for parts of
a security system, the more likely you'll have a breach.
I'd rather have *one* firewall administrator doing configuration
than five.
I've already said that I don't think snooping the password is going to be
a problem. NT at least obscures that on the net.
> Since a DC could also be used as a
> workstation, they can be transparently placed in many locations, albeit
> with a higher level of risk.
I've found that the interactive response of a server makes this less than
desirable.
> ...due to licensing restrictions, this message can only be read by 10
> people within 10 minutes...
I thought you'd disNO CARRIER