
Securing AD


  • Securing AD

    Hello everyone,

    I am on the point of splitting my network, to separate servers from users' computers. I am actually taking back a position on a network that is really messy.
    To do this I plan to put a firewall (OpenBSD) in between those machines.
    On my network I have Win 2000 Server, Win NT4 servers with SQL, and one 2003 Server.
    The client side is Win XP and Win 2000 Pro (only a few).

    First I need to know which ports I should open to allow the communication between my client machines and my Active Directory Win2000 and 2003. Also, for some reason I have another domain that is on NT4 PDC/BDC; these servers will stay on the client side of the firewall, so I need to know if there are specific ports to ensure the functionality of the trust relationship between the two domains (remember Win2000 vs NT4).

    So if some of you can tell me which ports I need and on which side to open them, I would be grateful.

    Thank you all for your help on this.


  • #2
    Re: Securing AD

    It's certainly a good idea to put servers and clients on different segments and subnets. But there it stops. Any kind of firewalling in an AD network is asking for trouble. You need to allow about 15 protocols, plus reckon with portmappers.

    If you think about Windows security: get patch management going, install virus scanners and anti-spyware, and enable the XP SP2 firewall in domain mode. That should be good enough. Again, firewalling in an AD network is asking for trouble with little benefits.
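The port set the question asks about, as an added example that is not part of the original thread: an OpenBSD pf ruleset (interface names, addresses and the RPC dynamic range are assumptions) that allows Win2000/2003 AD client traffic and the NetBIOS/RPC traffic an NT4 trust uses, and logs everything else so that the "portmapper" problem the reply warns about shows up in the logs rather than as silent breakage.

```conf
# Added example, not from the thread: OpenBSD pf.conf fragment that opens only
# the ports Win2000/2003 AD clients need to reach their domain controllers.
# Interface names, addresses and the RPC range are assumptions for illustration.
int_if  = "em0"                               # client-side interface (assumed)
srv_if  = "em1"                               # server-side interface (assumed)
clients = "192.168.10.0/24"                   # XP / 2000 Pro workstations (assumed)
dcs     = "{ 192.168.20.10, 192.168.20.11 }"  # Win2000 / 2003 DCs (assumed)
nt4_dcs = "{ 192.168.10.5, 192.168.10.6 }"    # NT4 PDC/BDC, client side (assumed)

# Ports a member workstation uses for logon and directory lookups:
#   53 DNS, 88 Kerberos, 123 NTP, 135 RPC endpoint mapper, 137-139 NetBIOS,
#   389/636 LDAP(S), 445 SMB, 464 kpasswd, 3268/3269 Global Catalog
ad_ports  = "{ 53, 88, 123, 135, 137, 138, 139, 389, 445, 464, 636, 3268, 3269 }"
# NT4 trusts use NetBIOS and RPC only (no Kerberos, LDAP or port-445 SMB)
nt4_ports = "{ 135, 137, 138, 139 }"
# RPC dynamic range on Win2000/2003 is 1025-5000 by default; this is the
# "portmapper" problem the reply mentions, so narrow it on the DCs first
rpc_dyn   = "1025:5000"

set skip on lo
block log all                      # default deny; log drops to find missing ports

# Workstations -> domain controllers (stateful, so replies return automatically)
pass in  on $int_if proto { tcp, udp } from $clients to $dcs port $ad_ports
pass in  on $int_if proto tcp          from $clients to $dcs port $rpc_dyn
pass out on $srv_if proto { tcp, udp } from $clients to $dcs port $ad_ports
pass out on $srv_if proto tcp          from $clients to $dcs port $rpc_dyn

# Trust between the AD domain and the NT4 domain is set up from both sides
pass in  on $srv_if proto { tcp, udp } from $dcs to $nt4_dcs port $nt4_ports
pass in  on $srv_if proto tcp          from $dcs to $nt4_dcs port $rpc_dyn
pass out on $int_if proto { tcp, udp } from $dcs to $nt4_dcs port $nt4_ports
pass out on $int_if proto tcp          from $dcs to $nt4_dcs port $rpc_dyn
pass in  on $int_if proto { tcp, udp } from $nt4_dcs to $dcs port $nt4_ports
pass in  on $int_if proto tcp          from $nt4_dcs to $dcs port $rpc_dyn
pass out on $srv_if proto { tcp, udp } from $nt4_dcs to $dcs port $nt4_ports
pass out on $srv_if proto tcp          from $nt4_dcs to $dcs port $rpc_dyn
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then watch `tcpdump -n -e -ttt -i pflog0` for logged drops while a workstation logs on; anything that appears there is a port the ruleset still lacks.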