Understanding and Deploying LDAP Directory Services > 22. Directory Coexistence > Privacy and Security Considerations

Privacy and Security Considerations

In this section we explore issues related specifically to your directory coexistence strategy, including the privacy of the join attribute, the security of links in the coexistence process, and the security of foreign data sources. (General privacy and security concerns for your directory service are discussed in Chapter 11.)

Join Attribute

As described earlier in this chapter, joining data among multiple directories is much easier when you have one or more join attributes that are common among all the directories. The more likely the join attributes are to be unique, the more accurate the joining process and the less administrative burden placed on directory administrators. This feature is clearly desirable and argues for choosing a unique join attribute.

The most convenient attribute to use is often the SSN or something similar. However, the SSN is sensitive information that must be carefully protected. If a person's SSN falls into the wrong hands, all kinds of trouble can follow, such as identity theft, ruined credit, and unauthorized access to personal information. SSNs are also considered private information by most users, and those users will certainly be upset if care is not taken to protect them. For these reasons the SSN may not be the best choice for a join attribute. Sometimes, though, it is the only realistic choice you have.

You must take care to protect sensitive join attributes when designing your directory coexistence processes. Consider who has access to the sensitive join attribute at every stage of the coexistence process. Do you really need to use the SSN, or is there another, less sensitive attribute that would work just as well? Could you use a hashed form of the SSN, providing a measure of privacy protection? Be aware that a plain, unkeyed hash offers little protection here: there are only a billion possible SSNs, so anyone holding the hash can recover the SSN by hashing every candidate and comparing. A keyed hash (an HMAC) under a secret that the foreign directory administrators never see closes that avenue, and the join can then be performed on the keyed token instead of the SSN itself. Does the coexistence process expose the join attribute to other, less-trusted foreign directory administrators? These questions and others all need to be answered.
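A worked illustration of the keyed-hash option, added here as an example rather than taken from the book. It assumes the metadirectory's join process holds a secret key (JOIN_KEY) that no foreign directory administrator can read; the key, the SSNs and the HR and telephone records are all constructed for the example. It shows why an unkeyed hash is not enough (the SSN is recovered by enumeration), that the keyed token does not fall to the same attack, and that two sources can be joined on the token so the joined output never carries the SSN.

```python
"""Keyed join tokens for a sensitive join attribute.

Added example (not from the book). JOIN_KEY, the record sets and the SSNs
below are constructed; in practice the key lives only with the join process.
"""
import hashlib
import hmac
import re
from typing import Optional


def normalize_ssn(ssn: str) -> str:
    """Canonicalize so '123-45-6789' and '123456789' yield the same token;
    a join key formatted differently in each source would never match."""
    digits = re.sub(r"\D", "", ssn)
    if len(digits) != 9:
        raise ValueError("SSN must contain exactly nine digits")
    return digits


def unkeyed_token(ssn: str) -> str:
    """The naive 'hashed SSN': SHA-256 of the digits. Kept only to show its weakness."""
    return hashlib.sha256(normalize_ssn(ssn).encode()).hexdigest()


def keyed_token(ssn: str, key: bytes) -> str:
    """HMAC-SHA256 of the digits under a secret key. Without the key, the only
    way back from token to SSN is guessing the key, not enumerating SSNs."""
    return hmac.new(key, normalize_ssn(ssn).encode(), hashlib.sha256).hexdigest()


def recover_from_unkeyed(token: str, lo: int, hi: int) -> Optional[str]:
    """Dictionary attack on the unkeyed form: hash every candidate SSN in
    [lo, hi) and compare. The range is narrowed here to keep the demo fast;
    the whole 10**9 space is minutes of work on a single core."""
    for n in range(lo, hi):
        candidate = f"{n:09d}"
        if hashlib.sha256(candidate.encode()).hexdigest() == token:
            return candidate
    return None


def join_on_token(hr_records: list, phone_records: list, key: bytes) -> list:
    """Join two sources on the keyed token. Merged records carry the token
    (joinToken) but not the SSN, so downstream consumers never see it."""
    hr_by_token = {}
    for rec in hr_records:
        fields = {k: v for k, v in rec.items() if k != "ssn"}
        hr_by_token[keyed_token(rec["ssn"], key)] = fields
    joined = []
    for rec in phone_records:
        token = keyed_token(rec["ssn"], key)
        if token not in hr_by_token:
            continue                      # unmatched records go to manual review
        merged = dict(hr_by_token[token])
        merged.update({k: v for k, v in rec.items() if k != "ssn"})
        merged["joinToken"] = token
        joined.append(merged)
    return joined


# Constructed sample data for the example.
JOIN_KEY = b"metadirectory-join-secret-do-not-share"
HR_RECORDS = [
    {"ssn": "123-45-6789", "cn": "Barbara Jensen", "departmentNumber": "1001"},
    {"ssn": "987-65-4321", "cn": "Tom Smith", "departmentNumber": "2002"},
]
PHONE_RECORDS = [
    {"ssn": "123456789", "telephoneNumber": "+1 408 555 1212"},    # same person, no dashes
    {"ssn": "555-00-0001", "telephoneNumber": "+1 408 555 9999"},  # no HR match
]

if __name__ == "__main__":
    for rec in join_on_token(HR_RECORDS, PHONE_RECORDS, JOIN_KEY):
        print(rec)
    leaked = unkeyed_token("123-45-6789")
    print("unkeyed token recovered as:",
          recover_from_unkeyed(leaked, 123_450_000, 123_460_000))
    print("keyed token in the same range:",
          recover_from_unkeyed(keyed_token("123-45-6789", JOIN_KEY), 123_450_000, 123_460_000))
```

Two points the code makes that the prose does not: the SSN has to be normalized before hashing or the join silently fails across sources that format it differently, and the secret key becomes the thing to guard, since anyone who obtains it can run the same enumeration against the keyed tokens.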

Data Transport

Another common security trouble spot in the directory coexistence process is found in the procedures used to transfer information between your directory service and the foreign data sources it communicates with. If these transfers are not protected with the same care that data in the directory service itself is protected, an attacker can potentially gain unauthorized access to data or even insert fraudulent data into the directory service.

There are a variety of techniques for protecting this data transfer. If directory coexistence is maintained via LDAP, the normal security of your directory (authentication, access control, and SSL/TLS protection of the connection) can be applied. This is probably the best approach from a security standpoint; it minimizes the possible avenues of attack and allows you to focus your security design on the directory service itself. It also minimizes the directory downtime that non-LDAP data import can cause.

If you choose an offline technique for transferring data to and from foreign directories, consider other ways to protect the transfer. Several techniques are available, such as a secure file transfer service, a generic tool such as the secure shell (SSH) protocol, or encrypting and signing the data itself and then transferring it via unprotected means. Whatever the channel, the importing side should verify the integrity and origin of what it receives before loading anything into the directory. These techniques are described in more detail in Chapter 11.
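The two transfer paths just described, as an added example that is not code from the book. For the LDAP path it builds a client TLS context that actually verifies the directory server's certificate; for the offline path it seals an LDIF export with a keyed manifest that the importer checks before parsing a single entry, so a file altered in transit (the "fraudulent data" case above) is refused. The shared key TRANSFER_KEY, the export identifier and the sample LDIF are constructed; the manifest gives authenticity and integrity only, and confidentiality still needs encryption of the file or of the channel.

```python
"""Protecting a coexistence data transfer.

Added example (not from the book). TRANSFER_KEY, the export id and
SAMPLE_LDIF are constructed. The manifest authenticates the file; it does
not encrypt it.
"""
import base64
import hashlib
import hmac
import ssl
from typing import Optional


def ldap_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS context for an LDAPS connection or a StartTLS upgrade. ca_file pins
    the CA that issued the directory server's certificate; None uses the
    system trust store."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # the server name must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED  # never talk to an unverified server
    return ctx


def parse_ldif(data: bytes) -> list:
    """Minimal LDIF reader: unfolds continuation lines, decodes base64 ('::')
    values, returns one dict per entry with 'dn' plus attribute value lists."""
    unfolded = []
    for raw in data.decode("utf-8").splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # a leading space marks a folded line
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded + [""]:         # trailing "" flushes the last entry
        if line == "":
            if current is not None:
                entries.append(current)
                current = None
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if name == "dn":
            current = {"dn": value}
        elif current is None:
            raise ValueError(f"attribute {name!r} before any dn: line")
        else:
            current.setdefault(name, []).append(value)
    return entries


def _manifest_message(export_id: str, length: int, digest: str) -> bytes:
    return f"{export_id}\n{length}\n{digest}".encode()


def seal_export(ldif: bytes, key: bytes, export_id: str) -> dict:
    """Exporting side. export_id (a date or sequence number) is bound into the
    MAC so an old, genuine export cannot be replayed as the current one."""
    digest = hashlib.sha256(ldif).hexdigest()
    tag = hmac.new(key, _manifest_message(export_id, len(ldif), digest),
                   hashlib.sha256).hexdigest()
    return {"export_id": export_id, "length": len(ldif), "sha256": digest, "hmac": tag}


def verify_export(ldif: bytes, manifest: dict, key: bytes, expected_id: str) -> bool:
    """Importing side: check the manifest, then check the file against it."""
    if manifest.get("export_id") != expected_id:
        return False
    msg = _manifest_message(manifest["export_id"], manifest["length"], manifest["sha256"])
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, manifest.get("hmac", "")):
        return False
    return manifest["length"] == len(ldif) and hmac.compare_digest(
        hashlib.sha256(ldif).hexdigest(), manifest["sha256"])


def import_export(ldif: bytes, manifest: dict, key: bytes, expected_id: str) -> list:
    """Parse only after the manifest verifies; a bad file yields nothing."""
    if not verify_export(ldif, manifest, key, expected_id):
        raise ValueError("export rejected: manifest does not verify")
    return parse_ldif(ldif)


# Constructed sample data for the example.
TRANSFER_KEY = b"shared-secret-between-hr-export-and-directory-import"
SAMPLE_LDIF = b"""version: 1

dn: uid=bjensen,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Barbara Jensen
postalAddress: 1 Main Street $ Anytown
telephoneNumber: +1 408 555 1212

dn: uid=tsmith,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
cn: Tom
  Smith
mail:: dHNtaXRoQGV4YW1wbGUuY29t
"""

if __name__ == "__main__":
    manifest = seal_export(SAMPLE_LDIF, TRANSFER_KEY, "hr-export-0042")
    print(len(import_export(SAMPLE_LDIF, manifest, TRANSFER_KEY, "hr-export-0042")), "entries imported")
    forged = SAMPLE_LDIF.replace(b"1 Main Street", b"9 Attacker Road")
    print("forged file accepted:", verify_export(forged, manifest, TRANSFER_KEY, "hr-export-0042"))
```

The manifest travels with the file (or ahead of it over a separate channel); the importer is configured with the export identifier it expects next, which is what stops an attacker from substituting last week's valid export for this week's.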

Foreign Directory Security

A final consideration in the protection of your directory coexistence solution is the security of the foreign data sources that your directory coexists with. If these data sources are not secured, there may be little point in securing the same data in your directory service. An attacker looking for the data may simply be able to access it in the foreign directory, bypassing all the security you have labored to implement for your directory service.

For example, suppose your directory obtains name and address information from the corporate human resources database. Because the address information is sensitive, you might protect it in your directory service via authentication and access controls and other techniques. A determined attacker bent on inserting invalid address data for another user cannot do it through the directory but may be able to do it through the human resources database. When that data is changed, it will find its way into your directory service via the normal directory synchronization procedures.

Be sure to consider more than just physical and technology-related security issues. Personnel and procedural security are also important. The most secure directory in the world can be compromised if an attacker is able to call up an administrator and talk him or her into making unauthorized changes. Masquerading as a legitimate user, trickery, flattery, and downright bribery are all potential weapons at an attacker's disposal, and a change made this way in any foreign data source will propagate into your directory through the normal synchronization procedures. Make sure your procedures guard against such attacks and that your personnel are aware of the possibilities.



Understanding and Deploying LDAP Directory Services, © 2002 New Riders Publishing
Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168