Which scenario is more secure? (VPN)

Mr. Magoo

Scenario 1:
I have a Windows box running IAG (the Microsoft Remote Access solution).
Such box is in the 'perimeter' network. This box is supposed to be joined to
the internal domain in order to allow users to reset passwords, etc.

Scenario 2:
Linux based VPN box. Box is also in the perimeter network. Box is not joined
to the domain at all.
This box requires to have a domain user account with 'reset password rights'
configured. Hard drive of such machine is protected by strong encryption.

From a security standpoint, which solution above is stronger?
 
Mr. Magoo

I mean, my point is not regarding a debate on whether Windows vs Linux is
stronger.
I am just saying that the scenario 1 requires that the machine gets joined
to the domain. The scenario 2 requires a service account with reset password
rights in order to work properly and allow users with expiring passwords to
change their passwords when connecting via VPN.

"Mr. Magoo" wrote:

> Scenario 1:
> I have a Windows box running IAG (the Microsoft Remote Access solution).
> Such box is in the 'perimeter' network. This box is supposed to be joined to
> the internal domain in order to allow users to reset passwords, etc.
>
> Scenario 2:
> Linux based VPN box. Box is also in the perimeter network. Box is not joined
> to the domain at all.
> This box requires to have a domain user account with 'reset password rights'
> configured. Hard drive of such machine is protected by strong encryption.
>
> From a security standpoint, which solution above is stronger?
>
 
S. Pidgorny

A computer being a part of a domain is not a security weakness; a generic
account that has permission to reset all users' passwords can be.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Mr. Magoo" <MrMagoo@discussions.microsoft.com> wrote in message
news:0539F839-8FE8-4153-87CC-709A9A84C4EE@microsoft.com...
>I mean, my point is not regarding a debate on whether Windows vs Linux is
> stronger.
> I am just saying that the scenario 1 requires that the machine gets joined
> to the domain. The scenario 2 requires a service account with reset
> password
> rights in order to work properly and allow users with expiring passwords
> to
> change their passwords when connecting via VPN.
>
> "Mr. Magoo" wrote:
>
>> Scenario 1:
>> I have a Windows box running IAG (the Microsoft Remote Access solution).
>> Such box is in the 'perimeter' network. This box is supposed to be joined
>> to
>> the internal domain in order to allow users to reset passwords, etc.
>>
>> Scenario 2:
>> Linux based VPN box. Box is also in the perimeter network. Box is not
>> joined
>> to the domain at all.
>> This box requires to have a domain user account with 'reset password
>> rights'
>> configured. Hard drive of such machine is protected by strong encryption.
>>
>> From a security standpoint, which solution above is stronger?
>>
 