Domain trusts

Trust security





Securing the trust is not only a matter of the authentication layer; the transport layer is important as well. SoftApp-distribution uses IPsec to secure the transport between the two environments. The IPsec connection endpoint on the SoftApp-distribution side is the external firewall (95.211.34.139).




Potential risks

  1. Minimize Unnecessary Services and Open Ports
    One attack to be wary of (a denial of service of sorts) fills the available disk space on a DC. There are two ways this attack can be executed. The first is by attempting to flood Active Directory with objects. Because Active Directory is hugely scalable, it is unlikely to crash in this scenario, but flooding Active Directory with objects will increase the size of the database until it fills the disk partition. Besides ensuring the DIT is on a partition with lots of free space, consider implementing directory quotas via DSMOD PARTITION or DSMOD QUOTA. This prevents any one security principal from adding too many objects to the directory. SoftApp-distribution restricts access to Active Directory to only the ports that are required for the trust.

  2. Use IPsec
    Many organizations have dragged their feet on the implementation of IPsec because of the complex rules you must build, but it’s relatively easy to implement for inter-DC communication only. SoftApp-distribution only allows IPsec connections between third parties and our environment. Templates for the IPsec connection can be obtained from the SoftApp-distribution support department.
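
The directory quotas mentioned in item 1, shown as an added example that is not part of the original page or SoftApp-distribution's own configuration. The partition DN, account name, quota object name and limits are constructed placeholders; substitute your own values.

```powershell
# Added example. Run from an elevated prompt on a DC or a host with the AD DS tools installed.
# Assumptions (constructed, not from the page): partition DN, account name, quota name, limits.
$PartitionDN = 'DC=example,DC=com'
$Account     = 'EXAMPLE\svc-provisioning'     # hypothetical principal that creates objects
$QuotaRdn    = 'svc-provisioning-quota'       # hypothetical name for the quota object

function Invoke-Ds {
    # Run a ds* tool and stop on the first failure so a half-applied policy is noticed.
    param([string]$Tool, [string[]]$Arguments)
    & $Tool @Arguments
    if ($LASTEXITCODE -ne 0) { throw "$Tool failed with exit code $LASTEXITCODE" }
}

# 1. Default quota: applies to every principal that has no quota object of its own.
#    Without this the partition default is unlimited.
Invoke-Ds dsmod @('partition', $PartitionDN, '-qdefault', '1000')

# 2. Explicit quota for one principal that legitimately needs more than the default.
Invoke-Ds dsadd @('quota', '-part', $PartitionDN, '-rdn', $QuotaRdn,
                  '-acct', $Account, '-qlimit', '5000',
                  '-desc', 'Provisioning account object limit')

# 3. Adjust an existing quota later; quota objects live under CN=NTDS Quotas.
Invoke-Ds dsmod @('quota', "CN=$QuotaRdn,CN=NTDS Quotas,$PartitionDN", '-qlimit', '2000')

# 4. Verify: show the partition defaults, the quota assigned to the account,
#    and the ten principals that currently own the most objects.
Invoke-Ds dsget   @('partition', $PartitionDN, '-qdefault', '-qtmbstnwt')
Invoke-Ds dsquery @('quota', $PartitionDN, '-acct', $Account)
Invoke-Ds dsget   @('partition', $PartitionDN, '-topobjowner', '10')
```

Members of Domain Admins and Enterprise Admins are exempt from directory quotas, so the limits only constrain delegated and ordinary accounts.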