IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

c) Multiple-master domains<br />

This model consists of several master domains which trust each other. <strong>The</strong><br />

user and group accounts are managed in these master domains. In addition,<br />

there are resource domains which unilaterally trust all master domains. A<br />

multiple-master domain is illustrated in the following diagram:<br />

<strong>The</strong> explicit trust relationship between domain 1 and domain 3 is necessary, as<br />

Master-<br />

Domäne 1<br />

positions of trust are not transitive, i.e. mutual trust between domains 1 and 2,<br />

as well as between domains 2 and 3, does not automatically imply mutual trust<br />

between domains 1 and 3.<br />

<strong>The</strong> master domain concepts are often used in networks where more than<br />

15,000 users are present. This concept also allows a network to be partitioned<br />

among main departments, and the resources to be managed by these individual<br />

departments. For this purpose, a master domain is configured for each main<br />

department. <strong>The</strong> users of a main department are assigned user accounts in the<br />

master domain. <strong>The</strong> resources are managed by the departments in the resource<br />

domains. It is also possible to organise a network by location. This involves<br />

the configuration of a master domain for each location, and a resource domain<br />

for each department. This domain model is scaleable, and no limits are<br />

imposed on the size of the organisation. Central security management is<br />

possible here, and global groups and user accounts only need to be configured<br />

once throughout the organisation.<br />

Finally, it must be noted that this module requires a high degree of<br />

administrative discipline and careful planning. Particular care must be<br />

exercised when defining the trust relationships. In addition, it is absolutely<br />

necessary to prevent a configuration of user accounts in the resource domains.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000<br />

Master-<br />

Domäne 2<br />

Ressourcen-Domänen<br />

Master-<br />

Domäne 3

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!