Tip

Keeping Active Directory namespaces secure

James Michael Stewart, Contributor

Keeping your network secure is always important. You can avoid common mistakes and some subtle vulnerabilities if you know all the little pitfalls and gotchas before you start implementing your infrastructure. One of the important issues to know about when first designing your Active Directory infrastructure is laying out your namespace.

The Active Directory namespace is directly related to DNS. In fact, each Active Directory domain is granted a DNS name. Active Directory relies heavily on DNS to manage traffic, security and much more.

The Internet also relies heavily on DNS, which is used there to resolve domain names into IP addresses and vice versa. Without DNS, it would be nearly impossible to find resources or even properly direct traffic on the Internet.

The DNS systems of Active Directory and the Internet are so similar they can be deployed on the same DNS server, although this practice is highly discouraged. In fact, they are so similar that if you misconfigure your internal private DNS and namespace, you might wind up granting Internet users easy access to your network.

What to do? First and foremost, always avoid naming your Active Directory domains using the same names that are used by your organization or any other on the Internet. I would even avoid using the top-level domain names, such as .com, .org, .edu, etc., within your internal namespace. By purposely avoiding Internet names, you will prevent easy intrusion into your private namespace.

While an Active Directory DNS namespace can support any top-level domain name, Internet DNS cannot. Therefore, by avoiding Internet DNS names, you can eliminate a glaring vulnerability.
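
One way to check a planned namespace against this advice, as an added example that is not part of the original tip: the function names, the sample domain names and the .net/.gov entries in the TLD set are assumptions made for illustration.

```python
# Added example: audit planned Active Directory DNS names against Internet names.
# Sample TLD set: .com/.org/.edu come from the article; .net/.gov are added here.
INTERNET_TLDS = {"com", "org", "edu", "net", "gov"}


def labels(name):
    """Lower-case a DNS name and split it into labels, ignoring a trailing dot."""
    return [part for part in name.strip().lower().rstrip(".").split(".") if part]


def is_same_or_child(name, zone):
    """True if `name` equals `zone` or sits underneath it in the DNS tree."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def audit_namespace(ad_domains, public_zones, tlds=INTERNET_TLDS):
    """Return {ad_domain: [findings]} for names that collide with Internet DNS."""
    report = {}
    for domain in ad_domains:
        findings = []
        parts = labels(domain)
        if not parts:
            findings.append("empty name")
        elif parts[-1] in tlds:
            findings.append("ends in Internet TLD ." + parts[-1])
        for zone in public_zones:
            if not parts or not labels(zone):
                continue  # nothing to compare against
            if parts == labels(zone):
                findings.append("same name as public zone " + zone)
            elif is_same_or_child(domain, zone):
                findings.append("child of public zone " + zone)
            elif is_same_or_child(zone, domain):
                findings.append("parent of public zone " + zone)
        if findings:
            report[domain] = findings
    return report


if __name__ == "__main__":
    # Constructed sample input; none of these names come from the article.
    planned = ["example.com", "corp.example.com.", "hq.example-internal", "AD.Example.ORG"]
    public = ["example.com"]
    for name, problems in audit_namespace(planned, public).items():
        print(name, "->", "; ".join(problems))
```

Names that do not appear in the returned report share neither a top-level label nor a zone with the Internet names supplied.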


James Michael Stewart is a partner and researcher for Itinfopros, a technology-focused writing and training organization.


This was first published in February 2003
