January 29, 2012

3.2.14 Transitive Access

Transitive access

Transitive – Passing over to or affecting something else.

Transitive access is a problem when inadvertent (and possibly unauthorized) access results from a set of related and authorized accesses.

With transitive access, A trusts B; if B then trusts C, a relationship can exist where C is trusted by A.

In a transitive trust relationship, the relationship between A and B flows through such that A now trusts C.

In all versions of Active Directory, the default is that all domains in a forest trust each other with two-way transitive trust relationships.

While this process makes administration much easier when you add a new child domain (no administrative intervention is required to establish the trusts), it leaves open the possibility of a hacker acquiring more trust than they should by virtue of joining the domain.
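The sketch below is an added example, not part of the original post or the study guide. It walks a constructed set of domain trusts and lists the relationships that exist only because of transitivity, which is the list an administrator would review after a new child domain is added. The domain names and the simplified rule (a chain only extends across links marked transitive) are assumptions.

```python
from collections import deque

# Constructed sample data: (trusting domain, trusted domain, transitive?)
# "A trusts B" means accounts from B can be granted access in A.
TRUSTS = [
    ("corp.example", "emea.corp.example", True),           # parent <-> child
    ("emea.corp.example", "corp.example", True),
    ("emea.corp.example", "lab.emea.corp.example", True),  # newly added child
    ("lab.emea.corp.example", "emea.corp.example", True),
    ("corp.example", "partner.example", False),            # external, non-transitive
]


def effective_trust(trusts):
    """Map each trusting domain to every domain it ends up trusting."""
    direct = {}
    for trusting, trusted, transitive in trusts:
        direct.setdefault(trusting, []).append((trusted, transitive))

    result = {}
    for start in direct:
        reached, seen, queue = set(), {start}, deque([start])
        while queue:
            node = queue.popleft()
            for trusted, transitive in direct.get(node, []):
                if trusted == start:
                    continue
                if transitive and trusted not in seen:
                    # Transitive link: trust flows on through this domain.
                    seen.add(trusted)
                    reached.add(trusted)
                    queue.append(trusted)
                elif not transitive and node == start:
                    # Non-transitive link: counts only between its two ends.
                    reached.add(trusted)
        result[start] = reached
    return result


def implied_trust(trusts):
    """Trust pairs nobody configured but that transitivity creates."""
    explicit = {(a, b) for a, b, _ in trusts}
    return sorted((a, b) for a, reach in effective_trust(trusts).items()
                  for b in reach if (a, b) not in explicit)


if __name__ == "__main__":
    for trusting, trusted in implied_trust(TRUSTS):
        print(f"{trusting} trusts {trusted} (implied, never configured)")
```

In this sample the forest root and the new lab domain end up trusting each other although no one configured that pair, while the non-transitive partner trust stays limited to the root domain.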

References:
  • http://dictionary.reference.com/
  • CompTIA Security+ Study Guide: Exam SY0-301, Fifth Edition by Emmett Dulaney
