
Post on 16-Jan-2016


LDAP Directory Services: Security

Directory Security Syllabus

• Brief Review of Directories and LDAP
• Brief Review of Security
• Basic Security Concepts
• Security as Applied to Directories
• Threats
• LDAP Protocol Security Features
• Typically Implemented Security Features
• Futures
• References

Directory Security: Brief Review of Directories & LDAP

[Figure: a Client sends an LDAP search for “G,C,A” across the Network to a Directory Service backed by a Directory Database; the Directory Information Tree (DIT) is drawn with nodes A, B, C, D, E, F, G, H, I.]

Directory Security: Brief Review of Directories & LDAP

• What directories are…
– Object repositories
– Typically read more than written
– Have explicit access protocols
– Support relatively complex queries

• What directories are not…
– RDBMSs
– Lack notions of..
• Tabular views
• JOIN operations
• Stored Procedures

Directory Security: Brief Review of Directories & LDAP

• Obligatory, overly-simplified, Protocol Stack Diagram

[Figure: protocol stack, bottom to top: Ethernet, Cable, Wireless, whatever; IP; TCP; LDAP; Directory-based Application.]

Directory Security: Brief Review of Security

• Notion of Security for a network protocol is comprised of (at least) these axes..
– Identity & Authentication
• “Who are you and who says so?”
– Confidentiality
• “Tough petunias to eavesdroppers.”
– Integrity
• “Did anyone muck with this data?”
– Authorization
• “Yes, you can do that, but no, you can’t do that other thing.”

Directory Security: Basic Security Concepts

• Notions...
– The notion of Identity
– Of Names and Identifiers
• Authentication Identity
• Authorization Identity
– Anonymity

Directory Security: Basic Security Concepts

[Figure: the Overall Namespace, partitioned into Names and Identifiers.]

Directory Security: Basic Security Concepts

• The applicable “science & technology of implementation”...
– Ciphers
– Encryption
– Integrity
• AKA Cryptography [11]

Directory Security: Basic Security Concepts, cont’d


Directory Security: Security as Applied to Directories

• One needs to separately consider each of the four security axes in the context of anticipated threats.

• Also need to consider security from the perspectives of..
– the info stored in the directory, and..
– attributes of the requesters.
• E.g. how much you trust them.

• Note that..
– data security != access security

Directory Security: Example Deployment Scenarios

Scenario | Contains Sensitive Data? | Connection Hijacking or IP Spoofing Threats? | Anonymous Requesters? | Read/Write? | Identified Requesters? | Read/Write? | Required Directory-Specific Security Mechanisms or Functions
1 | N | N | Y | RO | N | | None
2 | N | N | N | N/A | Y | RO | Secure Authentication
3 | N | Y | N/A | N/A | N/A | N/A | Mutual authentication, Connection Integrity-Protection
4 | N | N | Y | RO | Y | RW | Secure Authentication
5 | Y | Y | N/A | N/A | N/A | N/A | Mutual authentication, Connection Integrity- and Confidentiality-Protection

Directory Security: Threats

[Figure: the search scenario redrawn with threat points numbered 1 through 7 placed on the Client, the Network, the Legitimate Directory Service and its Directory Database, and an Imposter Directory Service with its own Directory Database and DIT (nodes A through I).]

Directory Security: Threats, cont’d

[Figure: threat points 8, 9 and 10 placed on the Directory Service Host(s), the Network and the Directory Database.]

Directory Security: LDAP Protocol Security Features

• Formal notions of..
– Authentication Identifiers [7], and..
– Authorization Identifiers [7]

• Leverages several security mechanisms..
– Simple passwords [2, 8]
– SASL [6]
• Kerberos [2]
• Digest [4]
– SSL/TLS [7]
• effectively is a session layer

• The above may be used in various combinations together.

Directory Security: LDAP Protocol Security Features

• Integral-to-the-protocol data integrity and attribution are works-in-progress.

Directory Security: LDAP Security Features Illustrated

[Figure: the search scenario (Client, Network, Legitimate Directory Service, Directory Database, DIT nodes A through I) with the Client reaching the Legitimate Directory Service over an Authenticated, plus Confidentiality- and Integrity-protected Channel; the Imposter Directory Service and its Directory Database are left out of the protected path.]

Directory Security: Brief Intro to Directories and LDAP

[Figure: protocol stack, bottom to top: Ethernet, Cable, Wireless, Etc.; IP; TCP; TLS; LDAP; Directory-based Application.]

Directory Security: Brief Intro to Directories and LDAP

[Figure: the same protocol stack with TLS and SASL both shown beneath LDAP, above TCP.]

Directory Security: Typical Security Features of Impls

• Security Features typically found in LDAP Implementations
• Simple password-based Authentication.
• SSL on port 636 (aka “LDAPS”)
• At least one impl does StartTLS on port 389.
• Access control.
• Configurability (e.g. Netscape’s DS Plug-ins).

Directory Security: Typical Impl Security Features, cont’d

• Important Notice:
– The LDAP protocol is NOT an authentication protocol in and of itself (IMHO).
– One MAY use LDAP itself as an authentication protocol, but one needs to carefully consider what functionality it does and doesn’t bring to your deployment when used in this manner.

• Deployment configuration is critical
• Many server-side knobs
– e.g. requiring client authentication
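The slides list simple password-based authentication next to SSL on port 636 and StartTLS on 389, and then say the server-side knobs decide how safe that combination is. The following is an added example, not code from the slides: it encodes an LDAPv3 simple BindRequest in BER as it appears on the wire, decodes it the way a server does, and applies the one knob that matters most here, refusing a password-carrying simple bind unless the session is TLS-protected. The function names and the `tls_active` flag are this example's own, and the DN and password in the test are constructed sample values.

```python
# Added example (not from the slides): LDAPv3 simple BindRequest in BER plus
# the server-side policy that a password-carrying simple bind requires TLS.

def _ber_len(n):
    """BER length: short form below 128, long form otherwise."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def simple_bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    bind = _tlv(0x60,                             # [APPLICATION 0] BindRequest
                _tlv(0x02, b"\x03")               # version INTEGER 3
                + _tlv(0x04, dn.encode())         # name LDAPDN
                + _tlv(0x80, password.encode()))  # [0] simple OCTET STRING
    return _tlv(0x30, _tlv(0x02, bytes([message_id])) + bind)  # id < 128

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                             # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(packet):
    """Decode the fields as the server (or anyone on the path) sees them."""
    tag, msg, _ = _read_tlv(packet, 0)
    _, msgid, pos = _read_tlv(msg, 0)
    op_tag, bind, _ = _read_tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x60:
        raise ValueError("not an LDAPMessage carrying a BindRequest")
    _, version, pos = _read_tlv(bind, 0)
    _, name, pos = _read_tlv(bind, pos)
    auth_tag, cred, _ = _read_tlv(bind, pos)
    return {"message_id": msgid[0], "version": version[0], "dn": name.decode(),
            "simple": auth_tag == 0x80,
            "password": cred.decode() if auth_tag == 0x80 else None}

def accept_bind(packet, tls_active):
    """Server-side knob: an anonymous simple bind (empty password) is fine on
    any channel; a simple bind carrying a password needs a TLS-protected
    session (LDAPS on 636 or StartTLS on 389), else the password crosses in clear."""
    req = parse_bind_request(packet)
    if req["simple"] and req["password"] and not tls_active:
        return False, "simple bind with password refused on cleartext session"
    return True, "ok"
```

The password is a plain OCTET STRING inside the request, which is why the check is tied to the transport rather than to anything LDAP itself provides.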

Directory Security: Example Directory Service Deployment(s)

[Figure: Desktop Clients and other Clients speaking LDAP to LDAP-based Directory Services; each Directory Service is paired with an Authentication Service and backed by an Auth DB, a Directory DB and a Registry DB.]

Directory Security: Behind the Scenes (simplified)

[Figure: the Subject’s Desktop (browser) uses a Web-based User Interface for Data Maintenance over HTTP (effectively authenticated writes); a Registry, a Middleware Event Broker, the SUNetID System and TDS feed the Directory Service; Network-based Applications and Desktops (Browsers) use the Directory Service over LDAP (Reads).]
