Hi Guys.
This is more of a network security issue but I would appreciate
your feedback as I am banging heads with a client's IT administrator.
We are in a hot debate as to which scenario is "more" secure? A
workstation that is not joined to a local domain, versus a workstation
that is a member in a local network domain. Mind you, both scenarios
are PHYSICALLY connected to the local network.
This so-called IT Administrator claims that not being a part of
a local domain (BUT physically connected to a network) is more secure,
less prone to virus attacks, and spyware, and less prone to internal
hacks by other members of the same local domain. BUT what this person
forgot to realize is that his workstation is still communicating with our
domain controller since his machine is on dynamic IP addressing. His PC
relies on the domain controller's DHCP (or in Linux's case, NIS), and is
very much part of a TCP/IP-based network. So even though
non-domain-joined, communication between his PC and the local domain
network is ever present and established.
I was laughing my a?? out at such reasons, just pure BS. If he
wants his PC secured within a corporate local network, then he should
have just removed the network cable and be physically not connected.
What do you think, guys? Is a non-domain-joined PC (but
physically connected) more secure?
Your inputs / feedback would be much appreciated.
Regards,