Designing A Secure Directory; About Security Threats - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

Chapter 8.

Designing a Secure Directory

How the data in Red Hat Directory Server are secured affects all of the previous design areas. Any
security design needs to protect the data contained by the directory and meet the security and privacy
needs of the users and applications.
This chapter describes how to analyze the security needs and explains how to design the directory to
meet these needs.

8.1. About Security Threats

There are many potential threats to the security of the directory. Understanding the most common
threats helps outline the overall security design. Threats to directory security fall into three main
categories:
• Unauthorized access
• Unauthorized tampering
• Denial of service

8.1.1. Unauthorized Access

Protecting the directory from unauthorized access may seem straightforward, but implementing a
secure solution may be more complex than it first appears. A number of potential access points exist
on the directory information delivery path where an unauthorized client may gain access to data.
For example, an unauthorized client can use another client's credentials to access the data. This is
particularly likely when the directory uses unprotected passwords. An unauthorized client can also
eavesdrop on the information exchanged between a legitimate client and Directory Server.
Unauthorized access can occur from inside the company or, if the company is connected to an
extranet or to the Internet, from outside the company.
The following scenarios describe just a few examples of how an unauthorized client might access the
directory data.
The authentication methods, password policies, and access control mechanisms provided by the
Directory Server offer efficient ways of preventing unauthorized access. See the following sections for
more information:
• Section 8.4, "Selecting Appropriate Authentication Methods"
• Section 8.6, "Designing a Password Policy"
• Section 8.7, "Designing Access Control"
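
One way to check for the exposure described in Section 8.1.1, as an added example that is not part of the Red Hat manual: this Python code scans access-log text for simple binds (method=128) that sent a password over a connection with no SSL/TLS, where an eavesdropper could read it. The sample lines are constructed, and the log layout they follow is an assumption modeled on the Directory Server access log.

```python
import re

# Constructed sample lines; the layout is an assumption modeled on the access log.
SAMPLE_LOG = """\
[21/Apr/2009:11:39:51 -0700] conn=11 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[21/Apr/2009:11:40:02 -0700] conn=12 fd=65 slot=65 SSL connection from 192.0.2.11 to 192.0.2.1
[21/Apr/2009:11:40:02 -0700] conn=12 SSL 128-bit RC4
[21/Apr/2009:11:40:02 -0700] conn=12 op=0 BIND dn="uid=asmith,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:40:15 -0700] conn=13 fd=66 slot=66 connection from 192.0.2.12 to 192.0.2.1
[21/Apr/2009:11:40:15 -0700] conn=13 op=0 EXT oid="1.3.6.1.4.1.1466.20037" name="startTLS"
[21/Apr/2009:11:40:15 -0700] conn=13 SSL 256-bit AES
[21/Apr/2009:11:40:16 -0700] conn=13 op=1 BIND dn="uid=bkim,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:40:30 -0700] conn=14 fd=67 slot=67 connection from 192.0.2.13 to 192.0.2.1
[21/Apr/2009:11:40:30 -0700] conn=14 op=0 BIND dn="" method=128 version=3
"""

OPEN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (SSL )?connection from (\S+) to")
TLS_RE = re.compile(r"conn=(\d+) SSL \d+-bit ")  # cipher line: LDAPS or after startTLS
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=128 ')


def cleartext_simple_binds(log_text):
    """Return (conn, client_ip, bind_dn) for each password bind sent without SSL/TLS."""
    encrypted = set()  # connection numbers currently protected by SSL/TLS
    peer = {}          # connection number -> client address
    findings = []
    for line in log_text.splitlines():
        m = OPEN_RE.search(line)
        if m:
            conn = m.group(1)
            peer[conn] = m.group(3)
            encrypted.discard(conn)  # a reused conn number starts unencrypted
            if m.group(2):
                encrypted.add(conn)
            continue
        m = TLS_RE.search(line)
        if m:
            encrypted.add(m.group(1))
            continue
        m = BIND_RE.search(line)
        # An empty DN is an anonymous bind: no password crosses the wire, so skip it.
        if m and m.group(2) and m.group(1) not in encrypted:
            findings.append((m.group(1), peer.get(m.group(1), "unknown"), m.group(2)))
    return findings


if __name__ == "__main__":
    for conn, ip, dn in cleartext_simple_binds(SAMPLE_LOG):
        print(f"cleartext simple bind: conn={conn} client={ip} dn={dn}")
```
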

8.1.2. Unauthorized Tampering

If intruders gain access to the directory or intercept communications between Directory Server and a
client application, they have the potential to modify (or tamper with) the directory data. The directory
service is useless if the data can no longer be trusted by clients or if the directory itself cannot trust the
modifications and queries it receives from clients.