Overview Of Security Methods - Red Hat DIRECTORY SERVER 8.1 - DEPLOYMENT Deployment Manual


Chapter 8. Designing a Secure Directory
• Information pertaining to individual subscribers
example.com needs the following access controls:
• Provide access to the directory administrators of hosted companies (example_a and example_b) to
their own directory information.
• Implement access control policies for hosted companies' directory information.
• Implement a standard access control policy for all individual clients who use example.com for
Internet access from their homes.
• Deny access to example.com's corporate directory to all outsiders.
• Grant read access to example.com's directory of subscribers to the world.

8.3. Overview of Security Methods

Directory Server offers several methods to design an overall security policy that is adapted to specific
needs. The security policy should be strong enough to prevent sensitive information from being
modified or retrieved by unauthorized users, but also simple enough to administer easily. A complex
security policy can lead to mistakes that either prevent people from accessing information that they
need to access or, worse, allow people to modify or retrieve directory information that they should not
be allowed to access.
Security Method | Description
--- | ---
Authentication | A means for one party to verify another's identity. For example, a client gives a password to Directory Server during an LDAP bind operation.
Password policies | Defines the criteria that a password must satisfy to be considered valid; for example, age, length, and syntax.
Encryption | Protects the privacy of information. When data is encrypted, it is scrambled in a way that only the recipient can understand.
Access control | Tailors the access rights granted to different directory users and provides a means of specifying required credentials or bind attributes.
Account deactivation | Disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
Secure connections | Maintains the integrity of information by encrypting connections with SSL, Start TLS, or SASL. If information is encrypted during transmission, the recipient can determine that it was not modified during transit.
Auditing | Determines if the security of the directory has been compromised; one simple auditing method is reviewing the log files maintained by the directory.

Table 8.1. Security Methods Available in Directory Server

Combine any number of these tools for maintaining security in the security design, and incorporate
other features of the directory service, such as replication and data distribution, to support the security
design.
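
The auditing entry in Table 8.1 mentions reviewing the log files maintained by the directory. The following Python script is an added example, not part of the Red Hat manual: it pairs each BIND line in access-log text with its RESULT line and counts rejected binds per client and bind DN. The log line layout, the sample lines, the threshold, and the names failed_binds and flag_sources are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the assumed access-log layout; not real log data.
SAMPLE_LOG = """\
[21/Apr/2009:11:39:51 -0700] conn=11 fd=64 slot=64 connection from 192.0.2.10 to 192.0.2.1
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:39:52 -0700] conn=11 op=1 BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:39:52 -0700] conn=11 op=1 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:39:53 -0700] conn=11 op=2 BIND dn="cn=Directory Manager" method=128 version=3
[21/Apr/2009:11:39:53 -0700] conn=11 op=2 RESULT err=49 tag=97 nentries=0 etime=0
[21/Apr/2009:11:40:10 -0700] conn=12 fd=65 slot=65 connection from 192.0.2.20 to 192.0.2.1
[21/Apr/2009:11:40:10 -0700] conn=12 op=0 BIND dn="uid=asmith,ou=people,dc=example,dc=com" method=128 version=3
[21/Apr/2009:11:40:10 -0700] conn=12 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[21/Apr/2009:11:40:11 -0700] conn=12 op=1 RESULT err=0 tag=101 nentries=1 etime=0
"""

CONN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to")
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)"')
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+)")
INVALID_CREDENTIALS = 49  # LDAP result code returned for a rejected bind

def failed_binds(log_text):
    """Return {(client_ip, bind_dn): count} for binds that ended in err=49."""
    client_of = {}   # connection id -> client address
    pending = {}     # (conn, op) -> bind DN still waiting for its RESULT line
    failures = defaultdict(int)
    for line in log_text.splitlines():
        if m := CONN.search(line):
            client_of[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3).lower()
        elif m := RESULT.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)  # None: not a bind
            if dn is not None and int(m.group(3)) == INVALID_CREDENTIALS:
                failures[(client_of.get(m.group(1), "unknown"), dn)] += 1
    return dict(failures)

def flag_sources(log_text, threshold=3):
    """Return client addresses whose failed binds reach the threshold."""
    per_client = defaultdict(int)
    for (client, _dn), n in failed_binds(log_text).items():
        per_client[client] += n
    return sorted(c for c, n in per_client.items() if n >= threshold)

if __name__ == "__main__":
    print(failed_binds(SAMPLE_LOG))
    print("flagged:", flag_sources(SAMPLE_LOG))
```

Counting per client address rather than per DN also surfaces a single source that spreads failed attempts across several accounts.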
