Q

Having separate domains for your DMZs is a good idea

We have two DMZs with a total of 30 Windows 2000 standalone servers. We have a request to provide a solution to make it easy to administer IDs and passwords on these boxes. One solution would be to put an AD (Active Directory) domain just for the DMZ. Is this a good security solution? If not, what do you suggest?

Having separate domains for your DMZs is a good idea. However, you suggest one domain for the two DMZs. If there is sufficient reason to have two separate DMZs, there is likely reason enough to have separate domains as well. Without knowing more about your network setup, it is difficult to know for sure. The different domains in and of themselves probably don't add that much value in the way of security (although they could if the appropriate trust relationships/restrictions are put in place). However, making it easier to determine who has administrative authority over specific servers is a good thing.



This was first published in July 2003.
