Ensuring Data Privacy And Integrity; Conducting Regular Audits; Example Security Needs Analysis - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual

A restrictive method requires a detailed understanding of the information needs of each category of
user inside, and possibly outside, the organization.
Irrespective of the method used to determine access rights, create a simple table that lists the
categories of users in the organization and the access rights granted to each. Consider creating a
table that lists the sensitive data held in the directory and, for each piece of data, the steps taken to
protect it.
For information about checking the identity of users, see Section 8.4, "Selecting Appropriate
Authentication Methods". For information about restricting access to directory information, see
Section 8.7, "Designing Access Control".

8.2.2. Ensuring Data Privacy and Integrity

When using the directory to support exchanges with business partners over an extranet or to support
e-commerce applications with customers on the Internet, ensure the privacy and the integrity of the
data exchanged.
There are several ways to do this:
• By encrypting data transfers.
• By using certificates to sign data transfers.
For information about encryption methods provided in Directory Server, see Section 8.6.2.10,
"Password Storage Schemes".
For information about signing data, see Section 8.9, "Securing Server to Server Connections".
For information about encrypting sensitive information as it is stored in the Directory Server database,
see Section 8.8, "Database Encryption".

8.2.3. Conducting Regular Audits

As an extra security measure, conduct regular audits to verify the efficiency of the overall security
policy by examining the log files and the information recorded by the SNMP agents.
For more information about log files and SNMP, see the Red Hat Directory Server Administrator's Guide.
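
One way to carry out the log review described in this section, as an added example that is not part of the Red Hat manual: it counts failed binds (LDAP result err=49, invalid credentials) per client address and bind DN. The access-log line layout, the sample lines, and the names failed_binds and over_threshold are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed Directory Server access-log layout.
SAMPLE_LOG = """\
[21/Apr/2009:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 192.0.2.10 to 192.0.2.1
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:51 -0700] conn=12 fd=609 slot=609 SSL connection from 192.0.2.20 to 192.0.2.1
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:39:52 -0700] conn=12 op=0 BIND dn="uid=asmith,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:52 -0700] conn=11 op=1 BIND dn="uid=jdoe,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:52 -0700] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=asmith,ou=people,dc=example,dc=com"
[21/Apr/2009:11:39:52 -0700] conn=11 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:39:53 -0700] conn=12 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=asmith)" attrs=ALL
[21/Apr/2009:11:39:53 -0700] conn=12 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[21/Apr/2009:11:39:54 -0700] conn=11 op=2 BIND dn="uid=JDoe,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:54 -0700] conn=11 op=2 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:39:55 -0700] conn=12 op=2 BIND dn="uid=asmith,ou=People,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:55 -0700] conn=12 op=2 RESULT err=49 tag=97 nentries=0 etime=0
"""

CONN_RE = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to")
BIND_RE = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT_RE = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+)")

def failed_binds(lines):
    """Count BINDs answered with err=49, keyed by (client address, bind DN)."""
    clients, pending, failures = {}, {}, Counter()
    for line in lines:
        if m := CONN_RE.search(line):
            clients[m.group(1)] = m.group(2)           # conn number -> client address
        elif m := BIND_RE.search(line):
            # Lines from different connections interleave, so key on (conn, op).
            # DNs are case-insensitive; lower-case them so variants count together.
            pending[(m.group(1), m.group(2))] = m.group(3).lower() or "<anonymous>"
        elif m := RESULT_RE.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)  # None: not a BIND result
            if dn is not None and m.group(3) == "49":
                failures[(clients.get(m.group(1), "unknown"), dn)] += 1
    return failures

def over_threshold(failures, limit=3):
    """Return only the (client, DN) pairs with at least `limit` failed binds."""
    return {key: n for key, n in failures.items() if n >= limit}

if __name__ == "__main__":
    for (client, dn), n in over_threshold(failed_binds(SAMPLE_LOG.splitlines())).items():
        print(f"{n} failed binds from {client} as {dn}")
```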

8.2.4. Example Security Needs Analysis

The examples provided in this section illustrate how the imaginary ISP company "example.com"
analyzes its security needs.
example.com's business is to offer web hosting and Internet access. Part of example.com's activity is
to host the directories of client companies. It also provides Internet access to a number of individual
subscribers.
Therefore, example.com has three main categories of information in its directory:
• example.com internal information
• Information belonging to corporate customers