Denial Of Service; Analyzing Your Security Needs - Netscape DIRECTORY SERVER 6.2 - DEPLOYMENT Deployment Manual

Denial of Service

With a denial of service attack, the attacker's goal is to prevent the directory from
providing service to its clients. For example, an attacker might simply use the
system's resources to prevent them from being used by someone else.
Directory Server offers a way of preventing denial of service attacks by setting
limits on the resources allocated to a particular bind DN. For more information
about setting resource limits based on the user's bind DN, refer to "User Account
Management" in the Netscape Directory Server Administrator's Guide.

Analyzing Your Security Needs

You need to analyze your environment and users to determine your specific
security needs. When you performed your site survey in Chapter 3, "How to
Design the Schema," you made some basic decisions about who can read and write
the individual pieces of data in your directory. This information now forms the
basis of your security design.
The way you implement security is also dependent on how you use the directory to
support your business. A directory that serves an intranet does not require the
same security measures as a directory that supports an extranet, or e-commerce
applications that are open to the Internet.
If your directory serves an intranet only, your concerns are:
• To provide users and applications with access to the information they need to
perform their jobs
• To protect sensitive data regarding employees or your business from general
access
If your directory serves an extranet, or supports e-commerce applications over the
Internet, in addition to the previous points, your concerns are:
• To offer your customers a guarantee of privacy
• To guarantee information integrity
This section contains the following information about analyzing your security
needs:
• Determining Access Rights
• Ensuring Data Privacy and Integrity
Analyzing Your Security Needs
Chapter 7 Designing a Secure Directory 135