LDAP Directory Services: Security
Directory Security Syllabus
• Brief Review of Directories and LDAP
• Brief Review of Security
• Basic Security Concepts
• Security as Applied to Directories
• Threats
• LDAP Protocol Security Features
• Typically Implemented Security Features
• Futures
• References
Directory Security: Brief Review of Directories & LDAP
[Figure: a client on the network sends an LDAP search for "G,C,A" to the directory service, which answers from its directory database. The database holds the Directory Information Tree (DIT), drawn as entries A through I.]
Directory Security: Brief Review of Directories & LDAP
• What directories are…
  – Object repositories
  – Typically read more than written
  – Have explicit access protocols
  – Support relatively complex queries
• What directories are not…
  – RDBMSs
  – Lack notions of…
    • Tabular views
    • JOIN operations
    • Stored Procedures
Directory Security: Brief Review of Directories & LDAP
• Obligatory, overly-simplified, Protocol Stack Diagram
[Figure: protocol stack, top to bottom: Directory-based Application / LDAP / TCP / IP / Ethernet, Cable, Wireless, whatever.]
Directory Security: Brief Review of Security
• The notion of security for a network protocol comprises (at least) these axes:
  – Identity & Authentication: "Who are you and who says so?"
  – Confidentiality: "Tough petunias to eavesdroppers."
  – Integrity: "Did anyone muck with this data?"
  – Authorization: "Yes, you can do that, but no, you can't do that other thing."
Directory Security: Basic Security Concepts
• Notions…
  – The notion of Identity
  – Of Names and Identifiers
    • Authentication Identity
    • Authorization Identity
  – Anonymity
Directory Security: Basic Security Concepts
[Figure: the Overall Namespace, divided into Names and Identifiers.]
Directory Security: Basic Security Concepts
• The applicable "science & technology of implementation"…
  – Ciphers
  – Encryption
  – Integrity
• AKA Cryptography [11]
Directory Security: Security as Applied to Directories
• One needs to separately consider each of the four security axes in the context of anticipated threats.
• Also need to consider security from the perspectives of…
  – the info stored in the directory, and…
  – attributes of the requesters.
    • E.g. how much you trust them.
• Note that…
  – data security != access security
Directory Security: Example Deployment Scenarios
(RO = read-only, RW = read/write, N/A = not applicable)

Scenario | Contains Sensitive Data? | Connection Hijacking or IP Spoofing Threats? | Anonymous Requesters? | Read/Write? | Identified Requesters? | Read/Write? | Required Directory-Specific Security Mechanisms or Functions
1 | N | N | Y | RO | N | N/A | None
2 | N | N | N | N/A | Y | RO | Secure Authentication
3 | N | Y | N/A | N/A | N/A | N/A | Mutual authentication, Connection Integrity-Protection
4 | N | N | Y | RO | Y | RW | Secure Authentication
5 | Y | Y | N/A | N/A | N/A | N/A | Mutual authentication, Connection Integrity- and Confidentiality-Protection
Directory Security: Threats
[Figure: the client/network/directory picture again, now with a legitimate directory service (and its database) and an imposter directory service holding its own copy of the DIT (entries A through I). Threats numbered 1 through 7 are marked on the client, the network path and the imposter service; the slide text carries no legend for the numbers.]
Directory Security: Threats, cont'd
[Figure: the directory service host(s) and the directory database behind the network, with threats numbered 8, 9 and 10 marked on them; again no legend is given in the slide text.]
Directory Security: LDAP Protocol Security Features
• Formal notions of…
  – Authentication Identifiers [7], and…
  – Authorization Identifiers [7]
• Leverages several security mechanisms…
  – Simple passwords [2, 8]
  – SASL [6]
    • Kerberos [2]
    • Digest [4]
  – SSL/TLS [7]
    • effectively a session layer
• The above may be used in various combinations together.
Directory Security: LDAP Protocol Security Features, cont'd
• Integral-to-the-protocol data integrity and attribution are works-in-progress.
Directory Security: LDAP Security Features Illustrated
[Figure: the client's search "G,C,A" now travels to the legitimate directory service (DIT entries A through I) over an authenticated, plus confidentiality- and integrity-protected, channel; the imposter directory service and its database are shown outside that channel.]
Directory Security: Brief Intro to Directories and LDAP
[Figure: protocol stack with TLS added, top to bottom: Directory-based Application / LDAP / TLS / TCP / IP / Ethernet, Cable, Wireless, etc.]
Directory Security: Brief Intro to Directories and LDAP
[Figure: protocol stack with both SASL and TLS, top to bottom: Directory-based Application / LDAP / SASL and TLS / TCP / IP / Ethernet, Cable, Wireless, etc.]
Directory Security: Typical Security Features of Impls
• Security features typically found in LDAP implementations:
  • Simple password-based Authentication.
  • SSL on port 636 (aka "LDAPS").
  • At least one impl does StartTLS on port 389.
  • Access control.
  • Configurability (e.g. Netscape's DS Plug-ins).
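The simple bind, SASL bind and StartTLS messages behind the mechanisms listed on the Protocol Security Features slide and the LDAPS/StartTLS ports listed above, as an added example that is not part of the original slides: a minimal BER encoder for the LDAPv3 request layouts (RFC 4511), and a decoder that classifies a captured LDAPMessage and flags simple-bind passwords that would cross the wire in the clear on port 389 without StartTLS. The DNs and passwords are constructed for the demo; the audit treats a StartTLS request as the point after which the connection is protected, which skips checking the server's success response.

```python
"""Added example, not from the original slides: BER encoding of LDAPv3 bind
and StartTLS requests, plus a decoder that audits a captured connection for
passwords sent in the clear.  DNs and passwords used here are constructed."""

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"   # StartTLS extended operation (RFC 4511)

def ber_len(n: int) -> bytes:
    """Definite-length encoding: one byte below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def ber_int(v: int) -> bytes:
    # Two's-complement INTEGER: a leading 0x00 is added when the high bit is set.
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def ldap_message(msg_id: int, protocol_op: bytes) -> bytes:
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE { ... } }
    return tlv(0x30, ber_int(msg_id) + protocol_op)

def simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    # BindRequest ::= [APPLICATION 0] SEQUENCE { version INTEGER, name LDAPDN,
    #   authentication AuthenticationChoice { simple [0] OCTET STRING, ... } }
    body = ber_int(3) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return ldap_message(msg_id, tlv(0x60, body))

def sasl_bind(msg_id: int, mechanism: str, credentials: bytes = b"") -> bytes:
    # authentication sasl [3] SaslCredentials ::= SEQUENCE {
    #   mechanism LDAPString, credentials OCTET STRING OPTIONAL }
    sasl = tlv(0x04, mechanism.encode())
    if credentials:
        sasl += tlv(0x04, credentials)
    body = ber_int(3) + tlv(0x04, b"") + tlv(0xA3, sasl)
    return ldap_message(msg_id, tlv(0x60, body))

def starttls_request(msg_id: int) -> bytes:
    # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID, ... }
    return ldap_message(msg_id, tlv(0x77, tlv(0x80, STARTTLS_OID.encode())))

def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element) for the TLV at pos."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def classify(msg: bytes) -> dict:
    """Describe one client LDAPMessage: which request it is and what it exposes."""
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(seq, 0)
    op_tag, op, _ = _read_tlv(seq, pos)
    info = {"message_id": int.from_bytes(mid, "big")}
    if op_tag == 0x60:                                   # BindRequest
        _, _version, p = _read_tlv(op, 0)
        _, name, p = _read_tlv(op, p)
        auth_tag, auth, _ = _read_tlv(op, p)
        info.update(op="bind", name=name.decode())
        if auth_tag == 0x80:                             # simple
            info["auth"] = "simple"
            info["cleartext_password"] = len(auth) > 0
            # DN present but empty password: an "unauthenticated" bind, which some
            # servers answer with success while granting only anonymous rights.
            info["unauthenticated_bind"] = len(name) > 0 and len(auth) == 0
        elif auth_tag == 0xA3:                           # sasl
            _, mech, _ = _read_tlv(auth, 0)
            info["auth"] = "sasl/" + mech.decode()
            info["cleartext_password"] = False
    elif op_tag == 0x77:                                 # ExtendedRequest
        _, oid, _ = _read_tlv(op, 0)
        info.update(op="extended", oid=oid.decode(),
                    starttls=oid.decode() == STARTTLS_OID)
    return info

def audit_connection(port: int, messages) -> list:
    """Confidentiality check over the client-to-server messages of one TCP
    connection: a simple bind with a password is exposed to eavesdroppers
    unless the port is LDAPS (636) or StartTLS was already requested.
    Simplification: the server's StartTLS success response is not checked."""
    protected = port == 636
    findings = []
    for m in messages:
        info = classify(m)
        if info.get("starttls"):
            protected = True
        if info.get("cleartext_password") and not protected:
            findings.append(f"msg {info['message_id']}: simple bind for "
                            f"{info['name']!r} sent in the clear on port {port}")
    return findings
```

`audit_connection(389, [simple_bind(1, "cn=admin,dc=example,dc=com", "secret")])` reports one finding, while the same bind after `starttls_request(1)`, on port 636, or as a SASL bind reports none. `classify()` also marks a simple bind that carries a DN but an empty password: LDAPv3 calls this an unauthenticated bind, and a server that accepts it returns success with only anonymous rights, which an application that merely checks the bind result code mistakes for a verified password. That is one concrete reason behind the notice on the next slide that LDAP is not, by itself, an authentication protocol.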
Directory Security: Typical Impl Security Features, cont'd
• Important Notice:
  – The LDAP protocol is NOT an authentication protocol in and of itself (IMHO).
  – One MAY use LDAP itself as an authentication protocol, but one needs to carefully consider what functionality it does and doesn't bring to your deployment when used in this manner.
• Deployment configuration is critical
• Many server-side knobs
  – e.g. requiring client authentication
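The access-control feature listed on the previous slide, together with the authentication-identity versus authorization-identity distinction from the Basic Security Concepts and LDAP Protocol Security Features slides, as an added example that is not part of the original slides: a simplified evaluator for rules written in the style of OpenLDAP's `access to <what> by <who> <level>` directive. The slides name no particular server's ACL syntax, so the syntax modelled here, the rule set and the DNs are assumptions constructed for illustration; it captures ordered clauses, first-match semantics and cumulative privilege levels, and a real server's ACL engine has many more selectors than this.

```python
"""Added example, not from the original slides: a simplified model of
OpenLDAP-style access-control rules, used to show the Authorization axis.
The decision depends on the authorization identity established by the bind
(None for anonymous) and the entry and attributes being touched, not on
which authentication mechanism produced that identity.  Rules, DNs and
attribute names below are constructed for illustration."""

# Privilege levels from weakest to strongest; a grant at one level implies
# every level to its left (modelled after OpenLDAP, assumed here).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Minimum level each operation needs on every attribute it touches.
OP_LEVEL = {"bind": "auth", "compare": "compare", "search": "search",
            "read": "read", "modify": "write"}

# Each rule: (attribute set, or None for "all attributes"; ordered <by> clauses).
# Constructed rule set: passwords are writable by the entry itself, usable for
# authentication by anyone (so simple binds work), and otherwise invisible.
RULES = [
    ({"userPassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ({"mail", "telephoneNumber"}, [("users", "read"), ("*", "none")]),
    (None, [("self", "write"),
            ("dn.exact=cn=admin,dc=example,dc=com", "write"),
            ("*", "read")]),
]

def who_matches(who: str, authz_dn, target_dn: str) -> bool:
    """authz_dn is the requester's authorization identity; None means anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return authz_dn is None
    if who == "users":
        return authz_dn is not None
    if who == "self":
        return authz_dn is not None and authz_dn.lower() == target_dn.lower()
    if who.startswith("dn.exact="):
        wanted = who[len("dn.exact="):]
        return authz_dn is not None and authz_dn.lower() == wanted.lower()
    raise ValueError(f"unknown <who> clause: {who}")

def granted(authz_dn, target_dn: str, attr: str, level: str) -> bool:
    """The first <access to> clause covering attr applies; inside it the first
    matching <by> clause decides and later clauses are never consulted."""
    for attrs, by in RULES:
        if attrs is None or attr in attrs:
            for who, lvl in by:
                if who_matches(who, authz_dn, target_dn):
                    return LEVELS.index(lvl) >= LEVELS.index(level)
            return False        # clause matched the attribute, no <who> matched
    return False                # no clause at all: deny by default

def operation_allowed(authz_dn, target_dn: str, op: str, attrs) -> bool:
    """An operation is allowed only if every attribute it touches is granted."""
    return all(granted(authz_dn, target_dn, a, OP_LEVEL[op]) for a in attrs)

if __name__ == "__main__":
    ALICE = "cn=alice,dc=example,dc=com"        # constructed DNs
    ADMIN = "cn=admin,dc=example,dc=com"
    # An anonymous client may use alice's password to bind, but may not read it.
    print(operation_allowed(None, ALICE, "bind", ["userPassword"]))     # True
    print(operation_allowed(None, ALICE, "read", ["userPassword"]))     # False
    # First-match: the catch-all clause's admin grant never reaches userPassword.
    print(operation_allowed(ADMIN, ALICE, "modify", ["userPassword"]))  # False
    print(operation_allowed(ADMIN, ALICE, "modify", ["cn"]))            # True
```

The two things to take from the demo are the ones the deployment knobs above hinge on: the identity fed into the ACL is the authorization identity the bind produced, and rule order decides the outcome, so a broad grant placed after a narrower `userPassword` clause silently does not apply to passwords.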
Directory Security: Example Directory Service Deployment(s)
[Figure: two deployment variants. In both, desktop clients and other clients talk LDAP to an LDAP-based Directory Service (Directory DB) and to an Authentication Service (Auth DB); one variant also has a Registry DB behind the directory service.]
Directory Security: Behind the Scenes (simplified)
[Figure: the subject's desktop (browser) reaches a Web-based User Interface for Data Maintenance over HTTP (effectively authenticated writes). The UI updates a Registry, which pushes changes through a Middleware Event Broker to the Directory Service (TDS) and to the SUNetID System. Network-based applications and desktops (browsers) read from the Directory Service over LDAP.]