S 4.308 Secure installation of directory services

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

After all general conditions for the use of a directory service have been planned and specified (see S 2.403 Planning the use of directory services), the directory service components need to be installed on the relevant servers and clients. A directory service server is not completely configured during the installation phase, which means that some of the desired security settings may not be activated yet. It is therefore recommended to perform the initial configuration either in a protected environment or to load a predefined, default configuration as an alternative. However, the default configuration delivered by the manufacturer should never be put into operation in a live network because experience has shown that the default configuration will not provide adequate operational security.

The same also applies when the directory service needs to be updated or reinstalled due to a migration (see S 2.408 Planning the migration of directory services).

If a directory service server is installed in an existing directory tree, then it will be necessary to specify its exact context. It is very difficult to move the server within the tree after it has been installed.

The initial configuration of the local security settings is also specified during installation. The most important basic settings relate to:

• the definition of the directory service tree,
• the directory service access authorisations,
• the directory service inheritance settings, and
• the security settings for LDAP access.

These settings can be specified to some extent during installation, but some will only be initialised by default values. It may be necessary to specify some settings without using encrypted access before SSL-secured LDAP access can be obtained. Depending on which directory service module is used, it is necessary to set up a secure installation configuration for each module that prevents access as long as the server is in the initial configuration phase and until the specified security policies have been implemented. Additional recommendations on this subject can be found in S 4.307 Secure configuration of directory services.

In general, the following must be considered from a security perspective during installation:

• The access rights for directory service objects on the systems that were updated to a new version or were obtained from other directory systems must be updated.
• Upgrade mechanisms may change the default settings, for example by including another directory service in an existing directory service structure.
• If a new server will be added to an existing directory service tree, then the implicit inheritance mechanism will reduce the time required for initial configuration considerably. It must be critically examined in this case if the inheritance mechanism changes settings to undesired values, which can in turn lead to security gaps.
• Special care must be taken when installing the directory service server because it stores data requiring protection during subsequent operation of the server.

Directory service servers may only be installed and operated on servers that are located in a physically secure environment, for example in a server room or a server cabinet. This applies especially to directory service servers that store data requiring special protection.

Review questions:

• Is the directory service server located in a physically protected environment?
• Is there a concept available specifying which administration and access authorisations need to be configured in the security settings of the directory service during installation?
• Were the access rights for directory service objects on systems that have been updated to a new version or that were obtained from other directory systems also updated?