When you can't see the forest for the domains: why a two forest model should be used to achieve logical segregation between SCADA and corporate networks
School of Computer and Information Science, Edith Cowan University
Place of publication: Perth, Western Australia
Faculty of Computing, Health and Science
School of Computer and Security Science / Centre for Security Research
The increasing convergence of corporate and control-system networks creates new challenges for the security of critical infrastructure. There is no argument that, while connecting what was traditionally an isolated network to a corporate network that is usually internet-enabled is unavoidable, segregation must still be maintained. One such challenge is how to configure an Active Directory environment so that the required data can be exchanged while the security goal of separating the two networks is preserved. This paper argues that while separate domains may seem to achieve this goal, a domain is not a security boundary and does not effectively segregate the networks. A more secure and robust barrier can be created by using separate forests, which still allows one-way trust relationships to be established between the two forests for authentication and data exchange. The paper concludes that there is no loss of functionality or communication through the use of two forests, but there is a loss of security if using one.
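As an added example (not from the paper), the following PowerShell audit queries the trusts visible from a domain controller and flags configurations that contradict the forest-as-boundary model argued above: trusts that stay inside one forest, trusts that are two-way rather than one-way, and forest trusts without selective authentication. It assumes the RSAT ActiveDirectory module and read access to the directory; the forest name is a constructed placeholder.

```powershell
# Added audit example; requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

function Get-TrustFindings {
    param(
        # Constructed placeholder for the control-system forest name.
        [string]$ScadaForest = 'scada.example'
    )
    $findings = @()
    foreach ($t in Get-ADTrust -Filter *) {
        $name = $t.Name

        # Parent/child or tree-root trusts mean both domains share a forest:
        # the domain boundary is not a security boundary.
        if ($t.IntraForest) {
            $findings += "$name : intra-forest trust; the domains share one forest"
            continue
        }

        # The paper's model is a one-way trust between two forests;
        # a two-way trust lets principals cross in both directions.
        if ($t.Direction -eq 'BiDirectional') {
            $findings += "$name : trust is two-way, expected one-way"
        }

        # A non-forest (external) trust is not the two-forest design either.
        if (-not $t.ForestTransitive) {
            $findings += "$name : external trust rather than a forest trust"
        }

        # Selective authentication restricts which resources the other
        # forest's principals can authenticate to; flag when it is off.
        if (-not $t.SelectiveAuthentication) {
            $findings += "$name : selective authentication disabled"
        }
    }
    return $findings
}

# Usage: list findings, one per line; an empty result means no deviations found.
Get-TrustFindings | ForEach-Object { Write-Output $_ }
```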