LDAP stands for Lightweight Directory Access Protocol. It is used for Network Information Services (NIS). NIS systems store common configuration details for computers on a network. These servers also provide directory services and act as authentication servers. LDAP is a software protocol that enables anyone to locate organizations, individuals and other resources, such as files and devices, in a network. LDAP is a smaller version of the Directory Access Protocol (DAP), which is part of X.500, a standard for directory services in a network. The data is usually read far more often than it is written, so there are no rollbacks and no transactions.
Security Features for LDAP:
- Simple Authentication
- Secure Sockets Layer (SSL)
1. Simple Authentication:
- Basic authentication
- Microsoft Windows NT LAN Manager (NTLM)
- Negotiate
Microsoft Windows NT LAN Manager (NTLM) uses a simple LDAP connection to Windows Active Directory for further authentication. It uses a suite of authentication and session security protocols to authenticate the clients. However, it is still in development.
To use Negotiate authentication, the web browser must be written to understand it and configured correctly to do so, and the computer used needs to be authenticated by the Kerberos infrastructure and receive the appropriate key from the Key Distribution Center (KDC).
2. Secure Sockets Layer (SSL)
The SSL protocol can protect users' data from being sniffed by other people who have physical access to the network. It uses a program layer located between the Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. SSL uses a public and private key encryption system.
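Why basic (simple) authentication needs SSL underneath it, shown as an added example that is not part of the original post: in an LDAPv3 simple bind (RFC 4511) the password travels as a plain OCTET STRING, so anyone who can read the traffic can read it. The function names and the sample DN and password are constructed for illustration; `inspect_bind` is the kind of check a monitoring tool could run on unencrypted LDAP traffic to flag such binds.

```python
# Added illustration of the LDAPv3 BindRequest BER layout; all values are constructed.

def _tlv(tag, value):
    """Encode one BER tag-length-value with a definite length."""
    n = len(value)
    if n < 0x80:                             # short-form length
        return bytes([tag, n]) + value
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + value

def build_simple_bind(msg_id, dn, password):
    """Build the bytes a client sends for a simple bind (msg_id 0..127)."""
    bind = _tlv(0x02, bytes([3]))            # version INTEGER = 3
    bind += _tlv(0x04, dn.encode())          # name LDAPDN
    bind += _tlv(0x80, password.encode())    # simple [0]: password as-is
    return _tlv(0x30, _tlv(0x02, bytes([msg_id])) + _tlv(0x60, bind))

def _read(buf, pos):
    """Decode one TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                         # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect_bind(packet):
    """Classify a captured LDAP message without returning the password."""
    tag, msg, _ = _read(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read(msg, 0)                # skip messageID
    op, body, _ = _read(msg, pos)
    if op != 0x60:                           # not a BindRequest
        return None
    _, ver, pos = _read(body, 0)
    _, name, pos = _read(body, pos)
    auth, cred, _ = _read(body, pos)
    method = {0x80: "simple", 0xA3: "sasl"}.get(auth, "unknown")
    return {"version": ver[0], "dn": name.decode(), "method": method,
            "password_in_clear": method == "simple" and len(cred) > 0}
```

For the constructed sample, the password bytes appear verbatim in the output of `build_simple_bind`, which is exactly the data SSL keeps from a sniffer.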
Hi atiqah, nice blog! You have lots of content! On the whole, I feel that you have included more than sufficient content in your blog! Most importantly, it has helped me understand LDAP better! Your explanation is very detailed and your details are very well-organized. However, maybe you could elaborate more on your SSL, because it is rather short. But other than that, good job!
Hey atiqah, Jeremy here. I realized that your security feature for your LDAP is also authentication. Seems like authentication is quite a common security feature in any networking protocols or standards. Perhaps you could have also included Access Control which I did in mine. Access Control's security feature is somewhat similar to the authentication feature.