Domain Trust Security Considerations
Know your boundaries, as security experts say.
Domain trust security considerations. TechNet trust technologies. It is a listing of domain names that the DFS client needs to recognize when resolving a UNC path as either a domain-based DFSN or a regular server name. I am trying to identify specific attack vectors that occur due to domain/forest trust in Active Directory. The special names table is a list stored on each Windows client that it gets from the DC.
TechNet security considerations for trusts. Alternatively, the domain admin of the forest root domain, or an account with equivalent access through delegation, can create a forest trust. A two-way forest trust will not give you any problems with populating this table for the partner forest. Microsoft, in their KB articles' domain trust section on considerations about trusts, write that.
Trusts security 101. Outgoing trust authentication level: if we want users from the specified forest to have access to all computers in the local forest, on the outgoing trust properties page we have to click Forest-wide authentication. Domain administrators of any domain in the forest have the potential to take ownership of and modify any information in the Configuration container of Active Directory. We trust our development teams and engineers to identify security issues and performance issues, and to flag the change before we allow it to go through.
Potential threats to interforest trusts; security settings for interforest trusts; minimum administrative credentials for securing trusts; trust security and other Windows technologies; related information. This is a must-read to fully understand the security implications of trust configurations. At a high level, a domain trust establishes the ability for users in one domain to authenticate to resources, or act as a security principal, in another domain. TechNet: top issues with AD trusts.
Security interoperability mode enables you to configure compatible communication channels between servers in global transactions with participants in the same domain (intra-domain) or in different domains (inter-domain). Follow security trust best practices. Determines whether one trust can let a trusted domain pass through to a third domain. Trust is established between all the domains that participate in a transaction by setting the security credential of all domains to the same.
Relatedly, we use our own continuous integration tool, Bamboo, to identify whether any of the changes, once merged into the main branch, will create issues through our integration, unit, functional or security tests. There's a fantastic guide to understanding trusts and the various considerations therein on TechNet; pay close attention to the selective authentication section, a great way to prevent random access attacks. Explaining and configuring trusts. A few more detailed write-ups by Microsoft that will be used as references.
TechNet has an article on the security considerations for Active Directory (AD) trusts.