Table of Contents
Advertisement
Analyzing Your Security Needs
•
Conducting Regular Audits
•
Example Security Needs Analysis
Determining Access Rights
When you perform your data analysis, you decide what information your users,
groups, partners, customers, and applications need to access.
You can take grant access rights in two ways:
•
Grant all categories of users as many rights as possible while still protecting
your sensitive data.
If you choose this open method, you must concentrate on determining what
data is sensitive or critical to your business
•
Grant each category of users the minimum access they require to do their jobs.
If you choose this restrictive method, you must spend some time
understanding the information needs of each category of user inside, and
possibly outside of your organization.
No matter how you determine to grant access rights, you should create a simple
table that lists the categories of users in your organization and the access rights you
grant to each. You may also want to create a table that lists the sensitive data held
in the directory, and for each piece of data, the steps taken to protect it.
For information about checking the identity of users, refer to "Selecting
Appropriate Authentication Methods," on page 124. For information about
restricting access to directory information, refer to "Designing Access Control," on
page 134.
Ensuring Data Privacy and Integrity
When you are using the directory to support exchanges with business partners
over an extranet, or to support e-commerce applications with customers on the
Internet, you must ensure the privacy and the integrity of the data exchanged.
You can do this in several ways:
•
By encrypting data transfers
•
By using certificates to sign data transfers
122
Netscape Directory Server Deployment Guide • May 2002
Advertisement
Table of Contents
