Which scenario is more secure? (VPN)

M

Mr. Magoo

Scenario 1:
I have a Windows box running IAG (the Microsoft Remote Access solution).
Such box is in the 'perimeter' network. This box is supposed to be joined to
the internal domain in order to allow users to reset passwords, etc.

Scenario 2:
Linux based VPN box. Box is also in the perimeter network. Box is not joined
to the domain at all.
This box requires to have a domain user account with 'reset password rigts'
configured. Hard drive of such machine is protected by strong encryption.

From a security stand point, which solution above is stronger?
 
M

Mr. Magoo

I mean, my point is not regarding a debate on whether Windows vs Linux is
stronger.
I am just saying that the scenario 1 requires that the machine gets joined
to the domain. The scenario 2 requires a service account with reset password
rights in order to work properly and allow users with expiring passwords to
change their passwords when connecting via VPN.

"Mr. Magoo" wrote:

> Scenario 1:
> I have a Windows box running IAG (the Microsoft Remote Access solution).
> Such box is in the 'perimeter' network. This box is supposed to be joined to
> the internal domain in order to allow users to reset passwords, etc.
>
> Scenario 2:
> Linux based VPN box. Box is also in the perimeter network. Box is not joined
> to the domain at all.
> This box requires to have a domain user account with 'reset password rigts'
> configured. Hard drive of such machine is protected by strong encryption.
>
> From a security stand point, which solution above is stronger?
>
 
S

S. Pidgorny

A computer being a part of a domain is not a security weakness a generic
account that has permission to reset all users' passwords can be.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Mr. Magoo" <MrMagoo@discussions.microsoft.com> wrote in message
news:0539F839-8FE8-4153-87CC-709A9A84C4EE@microsoft.com...
>I mean, my point is not regarding a debate on whether Windows vs Linux is
> stronger.
> I am just saying that the scenario 1 requires that the machine gets joined
> to the domain. The scenario 2 requires a service account with reset
> password
> rights in order to work properly and allow users with expiring passwords
> to
> change their passwords when connecting via VPN.
>
> "Mr. Magoo" wrote:
>
>> Scenario 1:
>> I have a Windows box running IAG (the Microsoft Remote Access solution).
>> Such box is in the 'perimeter' network. This box is supposed to be joined
>> to
>> the internal domain in order to allow users to reset passwords, etc.
>>
>> Scenario 2:
>> Linux based VPN box. Box is also in the perimeter network. Box is not
>> joined
>> to the domain at all.
>> This box requires to have a domain user account with 'reset password
>> rigts'
>> configured. Hard drive of such machine is protected by strong encryption.
>>
>> From a security stand point, which solution above is stronger?
>>
 
You must log in or register to reply here.

Similar threads

3
Unable to browse to company website on domain joined machines
Replies
0
Views
45
360VisionIT
3
F
PPTP and L2TP deprecation: A new era of secure connectivity
Replies
0
Views
23
Farhan_Ali
F
J
Internet connection is lost at random times when Windows VPN is active
Replies
0
Views
66
Jeff Benson1
J
M
Mapped Drives not showing in File Explorer
Replies
0
Views
94
Michael Lynch (mlynch)
M
D
  • Article
Update on Recall security and privacy architecture
Replies
0
Views
47
David Weston, Vice President Enterprise and OS
D
Back
Top Bottom