In order to re-evaluate the current domain model, there are several aspects that we will have to discuss. These aspects include the type of domain model used for current domain model, the affects subnets may or may not have, how a new domain model can provide better security, how to improve the domain name system, the Internet domain name and its effect on the DNS name-resolution process, and can KIDS be improved. In addition, it will also be noted how domain controllers can be utilized to provide the company with adequate expansion in the future due to user population increase.
Current Domain Model Type The domain model type currently being utilized by Company Beta is that of a single domain. The overall company is the domain name. The Boston, MA and Toronto, Canada locations are just branches off of the domain root name. This also means that the additional locations, along with their subnets, serviced by the main locations are branches based off of their respective main location. A single domain is considered one of the easiest domains to implement and one of the cheapest in terms of maintaining. This type of domain has a single domain name.
This name then acts as the root to the rest of the forest. With a single domain, any domain controller has the ability to authenticate users within the forest. In addition, directory data also is frequently replicated and dispersed throughout the forest; this creates a lot of replication traffic (Microsoft, 2003). Subnets Subnets are subventions of the main network. They are utilized with the purpose of partitioning the network because the networking devices have the tendency to be located in close proximity on a local area network (LANA).
Subnets have the ability to increase both performance and security of a network(s), as long as they are implemented properly (Mitchell, 2014). Subnet masks are used to set boundaries for the subnets in terms of IP addresses (Tech-FAQ, 2014). Security Benefits of New Domain Model With a single domain, we utilized the single forest domain structure. This has several advantages and disadvantages; hence the need to re-evaluate due to security issues and concerns. Implementing a new domain model throughout Company Beta can help to improve security on the en;ark.
Instead of using a single forest, the company can utilize a multiple forest Structure, which would include multiple domain names. A multiple forest design allows for the allowing advantages over a single forest design: Businesses or locations within the organization can operate independently. This means that each business or location can serve as a domain, or forest. With businesses and locations within the organization being isolated from one another, schemas and configurations are done independently as well.
Each business or location can have a separate, independent DNS hierarchy. Test environments can be implemented, where as in single forest design they are not included (Tech- FAQ, 2014). For Company Beta, there are not multiple businesses within the organization, but multiple locations. With multiple locations, utilizing multiple forests could eliminate a lot of issues in terms of security because each of the locations would be isolated from one another. The administrative rights given to users within one domain would not apply to other domains (Tech- FAQ, 2014).
Improving Domain Name System The current domain name system utilizes one domain name because there is a single forest. Through the use of a multiple forest design, we can implement multiple domain names for each isolated forest. This ensures that domains can only access and utilize resources within their respective mains. When looking at the overall effectiveness of the domain name system and how to improve it, there are six factors to take into consideration. They are as follows: 1 .
Be smart about deployment – Ensure that you take into consideration the placement of the domain names within the network. Separating DNS servers in terms of geographical locations is important. This helps to ensure they are on separate rack switches and power feeds (Rousseau, 2010). 2. Embrace your DNS data – Implementing a database allows for the DNS data to be easily tracked, managed, and so forth (Rousseau, 2010). . Keep DNS data secures – With the way DNS servers are set up, the secondary or client servers can initiate the primary server to update DNS data, which can cause an issue.
This is because hackers can work their way in, request full zone transfers from the primary server, and come out with all the DNS data on the primary server. In addition, the hacker now knows the entire infrastructure of the neuron. Berkeley Internet Name Domain (BIND) access lists can be used to identify which secondary or client servers have authorization to request zone transfers of DNS data (Rousseau, 2010). 4. Service only your clients -? Only offer recursive services to the organizations clients. When open recursive services are allowed, denial-of- service attacks can occur (Rousseau, 2010). . Perform periodic network checks to ensure stability and functionality -? Like all networks and systems, the DNS must be periodically checked to ensure that is working properly. When these checks are done routinely, issues can sometimes be noticed before they cause a major problem within the network, which gives the organization time to fix the issue before it becomes to detrimental (Rousseau, 2010). 6. Avoid DNS disaster – Incorporating DNS services into the organizations disaster recovery plan are a good way to avoid any interruptions of services.
The DNS infrastructure and environment should be recovered in case of an emergency (Rousseau, 2010). Internet Domain Name Effect on DNS Name-Resolution Process The domain name system is a way for querying and updating the database, replicating the information in the database among the servers, and a schema for the database (Microsoft, 2003). Domains need to be given a namespace that will allow for the specific IP address to be looked up properly. When a name is put into a search engine, the Internet will then start sending out requests to DNS servers. The DNS servers that are linked to the name will be displayed.
Essentially, a proper DNS name will allow your system to be linked up to all other computers on the Internet. If the DNS name is not effective and done properly, it can cause ISP name servers to lack in terms of performance or reliability, as well as the potential to be down all together (Cheapest, 2011). KIDS use KIDS stands for Integrated Services Digital Network. It uses a telephone line to transmit video, voice, data, etc. Between connections. However, unlike plain telephones services, which use analog transmission, KIDS utilizes digital transmissions (Donovan, 2014).
For Company Beta, the Office manager of the Toronto, Canada location needs an KIDS connection to be able to transmit sensitive information. In order to be able to transmit this information to locations he/she has connections with, an KIDS connection would have to be set up between Toronto and Montreal, Toronto and Vancouver, and Toronto and Boston, MA. KIDS connections allow for a connection to be opened for a short period of time; meaning it is not a continuous connection. This type of connection is not ideal when it comes to accessing the Internet; however, it is still widely used to send fax, video, data, and so forth.
There are no improvements that can necessarily be made to the connection itself aside from usual security measures, such as authorization, authentication, access, and privileges associated with the user. Domain Controllers Domain controllers help to manage users within a domain and what they have access to. This either allows users from other domains to have access to the domains resources, through trust relationships, or not. Typically, unless rust relationships are identified, users within a domain only have access to what is within that domain (Rouse, 2014).
Domain controllers are an effective way of helping to manage or control the domains. Domains themselves can consist of multiple domain controllers. Domain controllers are more often than not servers at specific locations, departments, and so forth, which helps partition the network. When an organization has the potential to grow, the addition of domain controllers to the network must be considered. It is wise to put a domain controller at each site. There are several benefits to doing his: Having one or more domain controllers at each site improves network performance, fault tolerance, and high availability (Microsoft, 2005).
User logon processes are more efficient with one or more domain controllers per site (Microsoft, 2005). Anytime a user logs onto the network, the logon process requires the domain controller to be contacted (Microsoft, 2005). Trust relationships can be established between domain controllers to allow use of outside domain resources (Rouse, 2014). If Company Beta were to use at least one domain controller per site, they would simple just add more main controllers into the network if new sites were to be established.