Here's the scenario I am working with, and I would welcome thoughts from the experts here on the best way to address it:
Secure environment from external and internal threats by reducing attack surface.
Single forest with two domains: production and DMZ. Production and DMZ both have a two-way trust established with selective authentication (read and authenticate). An application layer next-gen firewall (Palo Alto) is sitting between the two environments.
The DMZ domain has a one-way trust enabled with selective authentication and is the trusting domain for the external third-party domain. This is being used to allow external parties access to view relevant information available in the DMZ domain.
AD LDS is utilized to synchronize an in-house developed application's data across the Production and DMZ domains, and as a result a number of ports are open between the two domains. Separate LDS instances cannot be maintained for the two environments.
- The environment is well patched but occasionally the patch cycle is missed leaving the environment exposed.
- The link between the DMZ and the external domain is via a private leased line (HSDL). Internet connectivity is available within the DMZ domain but not in the production domain.
Question: How do we lock down the environment without impacting operations?