
The Purpose of Security

At its most basic level, the purpose of security is to protect the information in your directory so that you can access it with confidence. The obvious next question is: Protect it from what? We give an overview of the kind of threats you should guard against in the following section. For now, it's enough to think of these threats as being unauthorized access to or tampering with directory information, or causing users of the directory to be denied service.

If there is a security breach, often it is important to know exactly what was breached and how. Auditing provides this capability. Auditing also can be useful in determining why the system is not performing as it should, what the directory is being used for, and other interesting and useful bits of information.

Auditing information is invaluable in determining how to secure your system after a break-in. If you don't know what went wrong, it's very difficult to know how to fix it. Maintaining an adequate audit trail provides information such as who accessed the server, what operations were performed, when those operations were performed, how long they took, and other information about errors and unusual conditions. Analyzing these logs can give you insight into many problems, including the following:

  • Break-in attempts.   For example, many repeated authentication failures in the logs might alert you to a break-in attempt. This information could help you track down the attacker or take preventive measures.

  • Trawling attempts.   Trawling is any technique used to perform unauthorized bulk downloads of directory data. Look for repeated searches that download successive portions of the database in an attempt to defeat the administrative limits you have imposed. This auditing information could help you track down the trawler or take preventive measures.

  • Misconfigured applications.   For example, you might notice an application performing searches that make no sense or aren't optimal, placing unnecessary load on the directory. In extreme cases, a misconfigured application can cause others to be denied service because it consumes all available directory resources. Auditing information can help you identify and fix the misbehaving application or configure your directory to handle the searches better.
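One way to run the log analysis described in the list above, as an added example that is not from the book: a single pass over a directory access log that flags clients with repeated failed binds (possible break-in attempt) and clients whose searches repeatedly hit the size or administrative limit (possible trawling). The log layout, sample lines, addresses and thresholds are constructed assumptions; adapt the patterns to your server's audit log.

```python
import re
from collections import Counter

# Constructed sample lines (not from the book); the conn=/op=/RESULT layout is assumed.
SAMPLE_LOG = """\
[10/Mar/2002:09:00:01] conn=1 fd=64 connection from 192.0.2.10 to 192.0.2.1
[10/Mar/2002:09:00:01] conn=1 op=0 BIND dn="uid=admin,dc=example,dc=com" method=128
[10/Mar/2002:09:00:01] conn=1 op=0 RESULT err=49 tag=97 nentries=0
[10/Mar/2002:09:00:02] conn=1 op=1 BIND dn="uid=admin,dc=example,dc=com" method=128
[10/Mar/2002:09:00:02] conn=1 op=1 RESULT err=49 tag=97 nentries=0
[10/Mar/2002:09:00:03] conn=1 op=2 BIND dn="uid=admin,dc=example,dc=com" method=128
[10/Mar/2002:09:00:03] conn=1 op=2 RESULT err=49 tag=97 nentries=0
[10/Mar/2002:09:05:00] conn=2 fd=65 connection from 198.51.100.7 to 192.0.2.1
[10/Mar/2002:09:05:00] conn=2 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(cn=a*)"
[10/Mar/2002:09:05:01] conn=2 op=0 RESULT err=4 tag=101 nentries=500
[10/Mar/2002:09:05:01] conn=2 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(cn=b*)"
[10/Mar/2002:09:05:02] conn=2 op=1 RESULT err=4 tag=101 nentries=500
[10/Mar/2002:09:05:02] conn=2 op=2 SRCH base="dc=example,dc=com" scope=2 filter="(cn=c*)"
[10/Mar/2002:09:05:03] conn=2 op=2 RESULT err=4 tag=101 nentries=500
[10/Mar/2002:09:10:00] conn=3 fd=66 connection from 192.0.2.20 to 192.0.2.1
[10/Mar/2002:09:10:00] conn=3 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)"
[10/Mar/2002:09:10:00] conn=3 op=0 RESULT err=0 tag=101 nentries=1
"""

CONNECT = re.compile(r"conn=(\d+) .*connection from (\S+)")
OPER = re.compile(r"conn=(\d+) op=(\d+) (BIND|SRCH) ")
RESULT = re.compile(r"conn=(\d+) op=(\d+) RESULT err=(\d+).*?nentries=(\d+)")

def analyze(log_text, max_bind_failures=3, max_limit_hits=3):
    """Return client IPs whose audit trail suggests a break-in attempt or trawling."""
    client, op_kind = {}, {}  # conn -> client IP; (conn, op) -> BIND or SRCH
    bind_fail, limit_hits, entries = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            client[m[1]] = m[2]
        elif m := OPER.search(line):
            op_kind[m[1], m[2]] = m[3]
        elif m := RESULT.search(line):
            ip, kind = client.get(m[1], "unknown"), op_kind.get((m[1], m[2]))
            err, returned = int(m[3]), int(m[4])
            if kind == "BIND" and err == 49:  # LDAP result 49 = invalidCredentials
                bind_fail[ip] += 1
            elif kind == "SRCH":
                entries[ip] += returned
                limit_hits[ip] += err in (4, 11)  # sizeLimitExceeded / adminLimitExceeded
    flagged = lambda c, n: sorted(ip for ip, v in c.items() if v >= n)
    return {"break_in_suspects": flagged(bind_fail, max_bind_failures),
            "trawling_suspects": flagged(limit_hits, max_limit_hits),
            "entries_returned": dict(entries)}
```

Counting limit-exceeded results per client, rather than per connection, keeps the trawling check effective when the client reconnects between successive partial downloads.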

There are also nontechnical reasons for securing your directory. It's important for the users of your directory to be confident that the information they feel is private is being safeguarded in an adequate manner. Users often have concerns that go well beyond what you may consider to be a security or privacy threat. For example, you may consider a user's name or gender to be public information, but the user may have legitimate reasons for wanting this information kept private (for example, fear of stalking or being a member of a witness protection program). Such perceived threats are as real as any others as far as your users are concerned, and they should be dealt with accordingly.

Another nontechnical reason to secure your directory is for the sake of public relations. In some situations this can be the most important reason. A break-in reported in the newspaper or on TV can be devastating to your company's business. The popular press seldom digs deep enough to discover the real consequences of a break-in. If your business is banking or securities trading, or a similar business in which trust plays a vital role, a security breach can be fatal. Your customers (not to mention your competitors) usually won't distinguish between a break-in of your publicly available corporate phone book directory and the bank vault itself. The damage from this kind of a security problem can take a long time to repair.



Understanding and Deploying LDAP Directory Services,  2002 New Riders Publishing

2002, O'Reilly & Associates, Inc.



Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 1997
Pages: 245
