Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Subject: [fw-wiz] NT domain WAN
From: hermit1 (hermitsmac.com)
Date: Tue Apr 11 2000 - 10:33:22 CDT
- Next message: Rick Smith: "Re: [fw-wiz] Database Encryption"
- Previous message: Bill Pennington: "Re: [fw-wiz] Database Encryption"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A high mucky-muck of my company wants to set up an NT domain with machines
scattered around the USA. (Why is a little unclear to me, but he wants
it.....) When this was proposed last year I screamed and they gave up, for
a while. Now I want advice on whether putting a Cisco VPN router at each
office would be considered to offer enough security. This is not for a lot
of traffic or for really important stuff. They mostly claim to want to
share files and printers - even though no one can explain to me why someone
in Denver should want to print to a printer in Boston.
I pointed out that the security risk is additive (actually x to the nth
power, but keep it simple) since compromise of one machine gives access to
all the others, and anyone who has access to any machine behind the router
probably can access all the NT machines in the domain. This is acceptible
to them, since they already have NT domains scattered through a couple of
buildings (all behind the same firewall, though).
Is this considered safe?
Any suggestions for making this a safer project?
Any reasons or examples that indicate why this is a bad idea?