Table of Contents
Advertisement
For information about checking the identity of users, refer to "Selecting
Appropriate Authentication Methods," on page 159. For information about
restricting access to directory information, refer to "Designing Access Control," on
page 174.
Ensuring Data Privacy and Integrity
When you are using the directory to support exchanges with business partners
over an extranet or to support e-commerce applications with customers on the
Internet, you must ensure the privacy and the integrity of the data exchanged.
You can do this in several ways:
•
By encrypting data transfers.
•
By using certificates to sign data transfers.
For information about encryption methods provided in the Directory Server, refer
to "Password Storage Scheme," on page 173. For information about signing data,
refer to "Securing Connections with SSL and Start TLS," on page 185, and
"Securing Connections with SASL," on page 185. For encrypting sensitive
information as it is stored within the database, see "Database Encryption," on
page 184.
Conducting Regular Audits
As an extra security measure, you should conduct regular audits to verify the
efficiency of your overall security policy. You can do this by examining the log files
and the information recorded by the SNMP agents.
For more information about SNMP, refer to Red Hat Directory Server Administrator's
Guide.
Example Security Needs Analysis
The examples provided in this section illustrate how the imaginary ISP company
analyzes its security needs.
example.com
's business is to offer web hosting and Internet access. Part of
example.com
's activity is to host the directories of client companies. It also
example.com
provides Internet access to a number of individual subscribers.
Analyzing Your Security Needs
Chapter 8
Designing a Secure Directory
157
Advertisement
Table of Contents
