|
|
Inadequate planning of domains and their trust relationships in a Windows NT network can lead to a situation in which trust relationships exist for domains which should not be regarded as trustworthy. Thus, it may be possible for users of the domains concerned to access resources of the trusting domain without this being intended or even recognised. This can occur particularly if the access rights of the trusting domain were configured in a relatively broad way on the assumption that no other domain could access the local resources.
Conversely, the absence of trust relationships between domains can lead to a situation in which users have to authenticate themselves in an unnecessarily explicit way in the case of outside domains, leading to confusion when there is a lack of co-ordination of passwords between these domains. The user now has to remember a large number of passwords that can lead to security being impaired when he/she notes down such passwords.
| © Copyright
by Bundesamt für Sicherheit in der Informationstechnik |