Piercing Security Boundaries—The Ultimate Forest Design Issue
Trusting someone has its risks. There is always the chance that the person will dishonor that trust and do you harm. This is also true of trust relationships between Windows domains and forests. Whenever you pierce a security boundary, you open another avenue of attack. Should an attacker obtain access to one domain, he may be able to more easily penetrate the defenses of the other. You will need to plan for this eventuality. You should also realize that your own trusted administrators might use the new conditions to fraudulently obtain privileges in the trusting domain or forest.
Windows NT 4.0 domains are security boundaries. Administrators in each Windows NT 4.0 domain have no rights ...
Get Windows Server 2003 Security: A Technical Reference now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
