| Management tools and techniques are very important to effectively prevent NDS/eDirectory problems, but they do not address a serious issue facing modern network administrative staff: securing resources from unauthorized access. Experience has shown that the danger of unauthorized access often comes from an internal source ( employees , disgruntled or not) rather than from sources outside the organization (hackers). Another reason to provide security on your network is to prevent the accidental destruction of data. Security is an effective means to limiting the scope of potential damage done by people who do not fully understand how to administer the system or how to properly use administrative tools. Security can prevent non-administrative users from inadvertently causing problems because they deleted something they should have been unable to delete or moved a directory that should not have been moved. REAL WORLD: Hackers: Good or Evil? The term hack was originally used by electrical engineers to describe clever ways of repairing and improving computer systems. Later, the term was extended to include innovative tricks and algorithms used in designing computer software. The term hacker , therefore, generally refers to people who solve computer- related problems quickly, efficiently , and often enthusiastically. You can find additional information about hackers and interesting links at http://fusionanomaly.net/hackers.html. Unfortunately, Hollywood popularized the term, and hacker is now often used to describe a malicious or inquisitive meddler who tries to discover information by poking around ”or one who develops and deploys computer viruses and worms. So while good ones do exist, the hackers we refer to in this chapter are of the second variety: the "bad guys." |
Effectively securing your system ”whether from a deliberate attack or from unintentional error ”needs to start with the basic premise that your system is not secure. A good security policy puts enough barriers in the way that the cost of obtaining information is higher than the value of the information to the would-be attacker. These barriers, however, have to be balanced against usability of the system. This chapter takes an in-depth look at the features of eDirectory security and how to effectively implement security policies so the system is secure and usable. |
