Security Basics mailing list archives
Risks associated to LDAP
From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Wed, 15 Feb 2006 21:19:50 +0100

Hello list,

I would like to know what risks can be associated with a corporate LDAP deployment, from the security points of view:

- Confidentiality
- Integrity
- Availability
- Authentication

At first glance, I can think of:

- users / organizations enumeration (and if this is compromised, password / bruteforce attacks against the LDAP auth. from the obtained usernames),
- DoS / exploits against the LDAP service
- eavesdropping on non-encrypted messages
- replication spoofing,
- brute force bind attempts,

but I am sure there must be more issues.

Also, I have been searching for secure architecture recommendations / checklists (such as NIST's), but found no pointers to authorized sources... Any links will also be more than welcome.

Thanks in advance and best regards,
Rodrigo.