Understanding and Deploying LDAP Directory Services > 11. Privacy and Security Design > Security Guidelines
Security Guidelines

One of the most important points to understand before you begin to design your directory's security infrastructure is that there is no such thing as "secure" or "private" in an absolute sense. Instead, there are degrees of security and privacy that come with various tradeoffs and apply only in well-defined contexts.

A good analogy can be made to the security of your own house. It probably has one or more doors and windows, each with some kind of lock on it. The security-minded among us lock the doors and windows to our house in an effort to make it secure from unauthorized entry. Clearly we can achieve only a modest level of security. A window can easily be broken. A lock can be picked. A door can be broken down. Adding bars on the windows and doors increases your level of security, but at the expense of your own convenience. Such tradeoffs are typical in the security world and may well be worthwhile if you live in a neighborhood where threats are common. The lengths to which you should go to protect yourself generally should be proportional to the security threats you face, a principle you should consider when designing your directory.

Another important security lesson is that a system is only as secure as its weakest link, so it is important to think of the whole product and protect against every avenue of likely attack. Continuing our analogy to your house, consider the futility of installing a steel reinforced door with triple dead bolt locks if you are going to leave your windows wide open. Similarly, making your directory system secure in one dimension while leaving other areas wide open can often lead to trouble. Be sure to consider every aspect of security you can think of that might be related to your service.

On the other hand, this can be taken too far. Why have windows on your house at all? If they can be broken so easily, they provide no real security. Better board them up. Why bother locking your door when anyone who really wants to get in could easily break it down? Better go live in a bank vault. But what good does that do? Even bank vaults get robbed.

The answer is that every little bit helps. Although no security system is guaranteed against a determined and capable attacker, every additional security measure you employ raises the difficulty of attack. Every time you add a level of security, you filter out more attackers. The harder it is to break your security, the more likely it is for an attacker to give up or to move on to someone else's house, or directory service.

So how far should you go to protect the security of your directory? The answer to this question depends on the kinds of threats you face and the consequences you would suffer in case of a security failure. For example, if your directory contains name and email address information, unauthorized access to the directory might result in a lot of junk email sent to your users, which can be miserably annoying. But the most serious consequences it usually results in are lost time and a waste of system resources. On the other hand, consider a directory that contains names, Social Security numbers, credit card numbers, and other personal information. Unauthorized access to this directory might result in far more serious consequences, including improper access to bank accounts, unauthorized use of credit cards, damaged credit reports, and worse. Clearly this information needs to be protected more strongly.

All of these principles are fundamental to security design. Keeping them firmly in mind during your design process will go a long way toward keeping you on track and help make your service secure and successful. Here is a quick summary of these security and privacy design principles:
2002, O'Reilly & Associates, Inc.