S 2.404 Creating a security concept for directory services
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: IT Security Officer
A security concept must be created for the directory service. The security concept specifies which services, components etc. may (and should) be used and in which manner. The following list provides a rough overview of the areas to be regulated in the concept. The list needs to be adapted, specified in detail, and expanded according to the operational scenarios existing in the organisation. These specific security policies must be in agreement with the organisation's overall security concept.
General information:
- How should the directory service server be protected physically?
- Which directory service components may be used?
- Which tools should be used for administration?
- How will the directory service tree be structured and partitioned?
- To what extent are changes to the schema allowed, and when can such changes be made?
- Which object classes may be used with which sets of attributes?
- Which replicas should be created, and of which type?
- Which computers are directory service servers and which computers should be provided with a replica?
- Which computers need special protection as root domain members?
Assigning rights:
- Which users should be allowed to exercise which rights?
- Which administrators should be allowed to exercise which rights?
- Which authentication methods should be selected?
- How is the inheritance of rights defined within the tree structure?
Administration:
- Which administrator roles are defined?
- Who is allowed to make changes to the schema and at which times?
- Which administrative tasks may and/or should be delegated?
Data communication:
- Which data needs to be protected during communication?
- With which mechanisms are the availability, confidentiality, and integrity of the data protected?
Certificate authority:
- Which parameters must be specified for the certificate authority?
- Who is allowed to change the certificate authority settings?
- Which objects must have certificates assigned to them?
- Which certificates will be used for SSL connections?
File system of the underlying operating system:
- Which access rights to system files should be granted to the different administrators and users?
- Should encryption be used at the file system level?
LDAP:
- Which users are allowed to access the directory service via LDAP and under which conditions?
- Should anonymous login be supported?
- Which network applications are allowed to access the directory service via LDAP?
- Should LDAP communication generally be performed using SSL?
- Are user passwords allowed to be transmitted in plain text?
Client access to the directory service:
- Which authentication method should be used or permitted?
- Which directory tree is allowed to be accessed from the network?
- Which resources are accessible from the network by which users?
Encryption of attributes:
- Should encryption be used for the attributes?
Remote access to the system monitor and administration:
- Is a tool for remote maintenance allowed to be used?
- Who is allowed to use such tools?
- How is the HTTPS protocol configured for this purpose?
The aspects described here need to be examined in more detail in a security policy for directory services (see S 2.405 Drawing up a security policy for the use of directory services).
Review questions:
- Was a security concept for directory services created?
- Was this security concept coordinated with the overall security concept of the entire organisation?