Securing Connections With Ssl; Other Security Resources - Netscape DIRECTORY SERVER 6.2 - DEPLOYMENT Deployment Manual

Although this syntax is perfectly acceptable for the server, it's confusing for
a human administrator.

Securing Connections With SSL

After designing your authentication scheme for identified users and your access
control scheme for protecting information in your directory, you need to design
a way to protect the integrity of the information passed among servers and
client applications.
To provide secure communications over the network you can use the LDAP
protocol over the Secure Sockets Layer (SSL).
SSL can be used in conjunction with the RC2 and RC4 encryption algorithms
from RSA. The encryption method selected for a particular connection is the
result of a negotiation between the client application and Directory Server.
SSL can also be used in conjuction with CRAM-MD5, which is a hashing
mechanism that guarantees that information has not been modified during
transmission.
Directory Server can have SSL-secured connections and non SSL connections
simultaneously.
For information about enabling SSL, refer to the Netscape Directory Server
Administrator's Guide.

Other Security Resources

For more information about designing a secure directory, take a look at the
following:
• Netscape Security Notes
http://home.netscape.com/security/notes/
• Understanding and Deploying LDAP Directory Services.
T. Howes, M. Smith, G. Good, Macmillan Technical Publishing, 1999.
• SecurityFocus.com
http://www.securityfocus.com/
• Computer Emergency Response Team (CERT) Coordination Center
http://www.cert.org
Securing Connections With SSL
Chapter 7 Designing a Secure Directory 163