Security Basics mailing list archives

Risks associated to LDAP


From: Rodrigo Blanco <rodrigo.blanco.r () gmail com>
Date: Wed, 15 Feb 2006 21:19:50 +0100

Hello list,

I would like to know what risks can be associated with a corporate LDAP
deployment, from the security points of view:

- Confidentiality
- Integrity
- Availability
- Authentication

At first glance, I can think of:

- users / organizations enumeration (and if this is compromised,
password / bruteforce attacks against the LDAP auth. from the obtained
usernames),
- DoS / exploits against the LDAP service
- eavesdropping on non-encrypted messages
- replication spoofing,
- brute force bind attempts,

but I am sure there must be more issues. Also, I have been searching
for secure architecture recommendations / checklists (such as NIST's),
but found no pointers to authorized sources... Any links will also be
more than welcome.

Thanks in advance and best regards,
Rodrigo.
