About Security Threats; Unauthorized Access - Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT Deployment Manual

About Security Threats

About Security Threats
There are many potential threats to the security of your directory. Understanding
the most common threats helps you plan your overall security design. The most
typical threats to directory security fall into the following three categories:
•

Unauthorized Access

• Unauthorized Tampering
• Denial of Service
The remainder of this section provides a brief overview of the most common
security threats to assist you with designing your directory's security policies.
Unauthorized Access
While it may seem simple to protect your directory from unauthorized access, the
problem can, in fact, be more complicated. There are several opportunities along
the path of directory information delivery for an unauthorized client to gain
access to data.
For example, an unauthorized client can use another client's credentials to access
the data. This is particularly likely when your directory uses unprotected
passwords. Or an unauthorized client can eavesdrop on the information
exchanged between a legitimate client and Directory Server.
Unauthorized access can occur from inside your company or, if your company is
connected to an extranet or to the Internet, from outside.
The scenarios described here are just a few examples of how an unauthorized
client might access your directory data.
The authentication methods, password policies, and access control mechanisms
provided by the Directory Server offer efficient ways of preventing unauthorized
access. Refer to "Selecting Appropriate Authentication Methods," on page 159,
"Designing a Password Policy," on page 163, and "Designing Access Control," on
page 174, for more information about these topics.
154 Red Hat Directory Server Deployment Guide • May 2005