[unisog] Domain Layout

Russell Fulton r.fulton at auckland.ac.nz
Tue May 24 20:21:23 GMT 2005


On Tue, 2005-05-24 at 16:07 +0100, Brian Milner wrote:
> Hullo All, 
> We have two Win2000 domains, one for Administrative Staff and one for Academics, both staff and students. This is to help keep students away from exam documents, financial records, and so-on. I'm interested to see if this is a similar arrangement to other Academic organisations. 
> 
> 	How many domains do you use, and what users do they cover? 

We have one domain.  And we use it as an *authentication* domain not as
an *authorisation* domain.

We are currently establishing a small number of security domains (using
vlans and firewalls), we anticipate having a completely separate (no
trust relationships) for administrative access to machines within each
domain.  We will also go to some trouble to make sure that credentials
are not shared across domains.  So if someone manages to break my
general credentials (i.e. normal campus wide domain used for network
logins, email, etc) they will not be able to use those credentials to
access stuff in the more secure domains.

Russell
-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050525/3177834d/smime-0001.bin


More information about the unisog mailing list