Skip to Content.
Sympa Menu

assurance - [Assurance] AD Silver Cookbook Comment

Subject: Assurance

List archive

[Assurance] AD Silver Cookbook Comment


Chronological Thread 
  • From: "Mackin, Robert" <>
  • To: "" <>
  • Subject: [Assurance] AD Silver Cookbook Comment
  • Date: Fri, 31 Jan 2014 20:59:34 +0000
  • Accept-language: en-US

I’ve been following the thread and I want to thank the team for putting the cookbook together.  This is going to be a great resource.  Sorry for the last minute comments.

 

Here are my comments for the configuration recommendations:

1.       5.1.1 Could the use of self-encrypting drives that meet the requirements be a suitable alternative?

2.       Could the use of read-only domain controllers in perimeter networks meet some compensating controls?  With read-only DC’s you can define a password replication policy and filtered attribute sets.  Each read-only dc also has a unique Kerberos krbtgt account.

 

Thanks again for your work on this

Robert Mackin
Active Directory Engineer
The Ohio State University
Office of the Chief Information Officer Enterprise Security
1121 Kinnear Road, Room 601, Columbus, OH 43212
614-292-5978 Office
   ocio.osu.edu

 

 


  • [Assurance] AD Silver Cookbook Comment, Mackin, Robert, 01/31/2014

Archive powered by MHonArc 2.6.16.

Top of Page