Table of Contents
Advertisement
Analyzing Your Security Needs
Unauthorized Tampering
If intruders gain access to your directory or intercept communications between
Directory Server and a client application, they have the potential to modify (or
tamper with) your directory data. Your directory is rendered useless if the data can
no longer be trusted by clients or if the directory itself cannot trust the
modifications and queries it receives from clients.
For example, if your directory cannot detect tampering, an attacker could change a
client's request to the server (or not forward it) and change the server's response to
the client. SSL and similar technologies can solve this problem by signing
information at either end of the connection. For more information about using SSL
with Directory Server, refer to "Securing Connections with SSL and Start TLS," on
page 185.
Denial of Service
With a denial of service attack, the attacker's goal is to prevent the directory from
providing service to its clients. For example, an attacker might simply use the
system's resources to prevent them from being used by someone else.
Directory Server offers a way of preventing denial of service attacks by setting
limits on the resources allocated to a particular bind DN. For more information
about setting resource limits based on the user's bind DN, refer to chapter 7, "User
Account Management," in the Red Hat Directory Server Administrator's Guide.
Analyzing Your Security Needs
You need to analyze your environment and users to determine your specific
security needs. When you performed your site survey in chapter 3, "How to
Design the Schema," on page 43, you made some basic decisions about who can
read and write the individual pieces of data in your directory. This information
now forms the basis of your security design.
The way you implement security is also dependent on how you use the directory to
support your business. A directory that serves an intranet does not require the
same security measures as a directory that supports an extranet or e-commerce
applications that are open to the Internet.
If your directory serves an intranet only, your concerns are:
Chapter 8
Designing a Secure Directory
155
Advertisement
Table of Contents
Related Manuals for Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT
Related Products for Red Hat DIRECTORY SERVER 7.1 - DEPLOYMENT
- Red Hat DIRECTORY SERVER 8.1 - 11-01-2010
- Red Hat DIRECTORY SERVER 8.1 - USING RED HAT CONSOLE 4-28-2008
- Red Hat DIRECTORY SERVER 8.1 - USING THE ADMIN SERVER
- Red Hat Linux Virtual Server
- Red Hat LINUX VIRTUAL SERVER - FOR ENTERPRISE LINUX 5.2 REV 05-2008
- Red Hat LINUX VIRTUAL SERVER 4.5 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.6 - ADMINISTRATION
- Red Hat LINUX VIRTUAL SERVER 4.7 - ADMINISTRATION
Need help?
Do you have a question about the DIRECTORY SERVER 7.1 - DEPLOYMENT and is the answer not in the manual?
Questions and answers