
Successful and Secure Installation

This article detailed how to set up an SSL-enabled LDAP server and explained how to perform client and server authentication. User access to the Sun ONE Directory Server software can be granted not only on the basis of passwords but also on the basis of SSL certificates.

The success and the security of an SSL-enabled LDAP deployment, however, depend on additional factors, which are beyond the scope of this article. These factors are:

  • Passwords—In this article, passwords like manager, dirmanager, and manager1 were used. Make sure that your LDAP deployment follows a proper password policy.

  • Certificates/Private-Public Keypairs—The confidentiality of the private key is crucial to the overall security.

    Make sure that your company has a proper framework for using cryptography that explains which cryptographic algorithms and key lengths should be used, where to store and how to protect items like a public key, the policy for certificate revocation, legislative issues, and roles and responsibilities.

  • Architectural issues—Deciding which Sun ONE software server should reside on which physical machine, how to achieve high availability, and what other security mechanisms (network security, host-based security, auditing, etc.) can help to protect the critical data stored in the LDAP repository.

  • Workstation/Client security—Deciding what measures can be taken to prevent the client (which might store a public key on its disk drive) from being compromised by malicious code such as a virus. This also includes raising the security awareness of the user.

The secure installation and operation of an LDAP server depends not only on the security mechanisms but also on the policies backing these mechanisms.
