Guest Mr. Magoo
Posted July 23, 2007

Scenario 1:
I have a Windows box running IAG (the Microsoft Remote Access solution). This box is in the 'perimeter' network. This box is supposed to be joined to the internal domain in order to allow users to reset passwords, etc.

Scenario 2:
Linux based VPN box. Box is also in the perimeter network. Box is not joined to the domain at all.
This box requires a domain user account with 'reset password rights' configured. Hard drive of this machine is protected by strong encryption.

From a security standpoint, which solution above is stronger?

Guest Mr. Magoo
Posted July 23, 2007

I mean, my point is not regarding a debate on whether Windows vs Linux is stronger.
I am just saying that scenario 1 requires that the machine gets joined to the domain. Scenario 2 requires a service account with reset password rights in order to work properly and allow users with expiring passwords to change their passwords when connecting via VPN.

"Mr. Magoo" wrote:

> Scenario 1:
> I have a Windows box running IAG (the Microsoft Remote Access solution).
> This box is in the 'perimeter' network. This box is supposed to be joined to
> the internal domain in order to allow users to reset passwords, etc.
>
> Scenario 2:
> Linux based VPN box. Box is also in the perimeter network. Box is not joined
> to the domain at all.
> This box requires a domain user account with 'reset password rights'
> configured. Hard drive of this machine is protected by strong encryption.
>
> From a security standpoint, which solution above is stronger?

Guest S. Pidgorny
Posted July 23, 2007

A computer being a part of a domain is not a security weakness; a generic account that has permission to reset all users' passwords can be.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Mr. Magoo" <MrMagoo@discussions.microsoft.com> wrote in message news:0539F839-8FE8-4153-87CC-709A9A84C4EE@microsoft.com...

> I mean, my point is not regarding a debate on whether Windows vs Linux is
> stronger.
> I am just saying that scenario 1 requires that the machine gets joined
> to the domain. Scenario 2 requires a service account with reset password
> rights in order to work properly and allow users with expiring passwords to
> change their passwords when connecting via VPN.
>
> "Mr. Magoo" wrote:
>
>> Scenario 1:
>> I have a Windows box running IAG (the Microsoft Remote Access solution).
>> This box is in the 'perimeter' network. This box is supposed to be joined
>> to the internal domain in order to allow users to reset passwords, etc.
>>
>> Scenario 2:
>> Linux based VPN box. Box is also in the perimeter network. Box is not
>> joined to the domain at all.
>> This box requires a domain user account with 'reset password rights'
>> configured. Hard drive of this machine is protected by strong encryption.
>>
>> From a security standpoint, which solution above is stronger?
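
An added example, not part of the thread: one way to audit the concern raised in the reply above is to list which principals can reset passwords on user objects under a container, so that a domain-wide grant can be told apart from one limited to a single OU. It assumes the RSAT ActiveDirectory module; the function name and both distinguished names are placeholders.

```powershell
# Added example: list principals allowed to reset passwords on user objects
# under a container. Requires the RSAT ActiveDirectory module (AD: drive).
Import-Module ActiveDirectory

# Schema GUIDs (the same in every AD forest)
$ResetPwd  = [guid]'00299570-246d-11d0-a768-00aa006e0529'  # User-Force-Change-Password
$UserClass = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # user object class
$AnyGuid   = [guid]::Empty                                  # all rights / all classes

function Get-ResetPasswordDelegation {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$DistinguishedName)

    $ext = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
    $all = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Where-Object {
            # GenericAll implies every extended right. Otherwise the ACE must
            # grant ExtendedRight for Reset Password or for all extended rights.
            (($_.ActiveDirectoryRights -band $all) -eq $all) -or
            ((($_.ActiveDirectoryRights -band $ext) -eq $ext) -and
             ($_.ObjectType -in $ResetPwd, $AnyGuid))
        } |
        Where-Object {
            # Keep ACEs whose inheritance targets user objects or every class.
            # InheritanceType in the output shows whether child objects are covered.
            $_.InheritedObjectType -in $UserClass, $AnyGuid
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, ObjectType,
                      InheritanceType, IsInherited
}

# Placeholder DNs (assumptions): a grant at the domain root reaches all users,
# while a grant on one OU reaches only the accounts beneath it.
Get-ResetPasswordDelegation -DistinguishedName 'DC=example,DC=com'
Get-ResetPasswordDelegation -DistinguishedName 'OU=VPN Users,DC=example,DC=com'
```

A service account that appears in the first listing holds the right over every user object the domain-root ACL inherits to; one that appears only in the second is limited to that OU.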