T 2.123 Lack of, or inadequate, planning of the use of directory services

The security of an overall system depends primarily on the security of each individual subsystem. The security of the directory services is therefore based on the security of the basic operating system, and especially on the file system security.

Directory services can be installed and operated on a number of different operating systems, and this results in a wide variety of security settings that need to be specified for each of the operating systems used. This variety increases the planning requirements and requires that the planners possess corresponding knowledge of every operating system used as the underlying platform. If the overall solution needs to be highly heterogeneous, then there is a risk that the use of the directory services will not be planned in the proper detail or to the proper depth.

The planning of the tree structure as well as the representation of the organisational structure are very important, especially when using a directory service in the intranet. If the organisational structure is represented down to the last detail, then there could be problems with administration as a result. When planned incorrectly, there is a risk of inconsistencies and an overly complicated design of the directory service, which in turn could lead to faulty configurations as well as incorrect or inefficient operation of the system.

The global tree structure of a directory service has a large impact on the security of an installation. For example, problems can arise when different subtrees have different security requirements or belong to different organisational units. Due to the implicit inheritance mechanisms as well as the complexity of the rules for determining the actual rights applying to an individual object, high requirements are placed on the planning of the system.
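The inheritance problem described above can be checked against a planned tree before rollout. The following sketch is an added example, not part of the original catalogue text: it uses a simplified inheritance model (an explicit assignment replaces what a trustee inherited, and a node can filter rights out of inheritance), which is an assumption and not the algorithm of any particular directory product. All node names, trustees and rights are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Node:
    name: str
    org_unit: str                                 # organisational unit that owns this subtree
    protection: str = "normal"                    # planned protection requirement
    acl: dict = field(default_factory=dict)       # trustee -> rights assigned explicitly here
    blocked: set = field(default_factory=set)     # rights filtered out of inheritance here
    children: list = field(default_factory=list)

def effective_rights(path):
    """Effective rights per trustee at the last node of a root-to-node path."""
    eff = {}
    for node in path:
        eff = {t: r - node.blocked for t, r in eff.items()}   # filter inherited rights
        for trustee, rights in node.acl.items():              # explicit replaces inherited
            eff[trustee] = set(rights)
    return {t: r for t, r in eff.items() if r}

def audit(root, trustee_ou):
    """List (node, trustee, rights) where a trustee from another organisational
    unit holds rights on a high-protection node purely through inheritance."""
    findings = []
    def walk(node, path):
        path = path + [node]
        if node.protection == "high":
            for trustee, rights in effective_rights(path).items():
                if trustee not in node.acl and trustee_ou[trustee] != node.org_unit:
                    findings.append((node.name, trustee, sorted(rights)))
        for child in node.children:
            walk(child, path)
    walk(root, [])
    return findings

def build_sample():
    """Constructed sample plan: helpdesk rights granted at the root flow into HR."""
    payroll = Node("ou=Payroll", "HR", "high", blocked={"write"})
    hr = Node("ou=HR", "HR", "high", acl={"hr-admin": {"read", "write"}}, children=[payroll])
    sales = Node("ou=Sales", "Sales")
    root = Node("o=Example", "IT", acl={"it-helpdesk": {"read", "write"}}, children=[sales, hr])
    return root, {"it-helpdesk": "IT", "hr-admin": "HR"}

if __name__ == "__main__":
    for finding in audit(*build_sample()):
        print(finding)
```

In the sample plan, the filter on ou=Payroll removes the inherited write right but leaves read in place, so both high-protection containers are reported.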

If a certificate authority (CA) is used, then it is an essential component of the security of the directory service. Incorrect planning can significantly impair the security of the directory service in this case as well.

Since a directory service allows role-based administration of the directory database as well as the delegation of individual administration tasks, there is a risk that the system will be insecure or administered inefficiently if the administration tasks are planned incorrectly.

Furthermore, the use of an administration tool may have been planned incorrectly, with the result that unauthorised users are allowed access to internal information relating to the directory service installation.

Additional risks can arise when directory data is synchronised with other directory services, for example using DirXML with eDirectory from Novell. When the corresponding rights are assigned (which depends on the target system under examination), changes also take effect in the directory service as a result of synchronisation.

Conversely, external directories can subscribe to the organisation's own directory service to receive changes to the information database and then synchronise their directory based on this. This type of synchronisation requires detailed planning because otherwise sensitive data could be copied automatically, but unintentionally, to an external computer under certain circumstances. It is also possible, for example, to unintentionally overwrite existing data in this manner. Planning errors in this case could result in a loss of integrity and confidentiality of the directory data.

When using login scripts for users or user groups, a lack of planning or inefficient planning could lead to inconsistencies in the specified security policy. Furthermore, the following additional problems could also result from a lack of planning or inadequate planning: