9.2. Analyzing Security Needs

Analyze the environment and users to identify specific security needs. The site survey in Chapter 3, Designing the Directory Schema clarifies some basic decisions about who can read and write the individual pieces of data in the directory. This information forms the basis of the security design.

The way security is implemented also depends on how the directory service is used to support the business. A directory that serves an intranet does not require the same security measures as a directory that supports an extranet or e-commerce applications that are open to the Internet.

If the directory only serves an intranet, consider what level of access is needed for information:

How to provide users and applications with access to the information they need to perform their jobs.
How to protect sensitive data regarding employees or the business from general access.

If the directory serves an extranet or supports e-commerce applications over the Internet, there are additional points to consider:

How to offer customers a guarantee of privacy.
How to guarantee information integrity.

The following sections provide information about analyzing security needs.

9.2.1. Determining Access Rights

The data analysis identifies what information users, groups, partners, customers, and applications need to access the directory service.

Access rights can be granted in one of two ways:

Grant all categories of users as many rights as possible while still protecting sensitive data.
An open method requires accurately determining what data are sensitive or critical to the business.
Grant each category of users the minimum access they require to do their jobs.
A restrictive method requires minutely understanding the information needs of each category of user inside, and possibly outside, of the organization.

Irrespective of the method used to determine access rights, create a simple table that lists the categories of users in the organization and the access rights granted to each. Consider creating a table that lists the sensitive data held in the directory and, for each piece of data, the steps taken to protect it.

For information about checking the identity of users, see Section 9.4, “Selecting Appropriate Authentication Methods”. For information about restricting access to directory information, see Section 9.7, “Designing Access Control”

9.2.2. Ensuring Data Privacy and Integrity

When using the directory to support exchanges with business partners over an extranet or to support e-commerce applications with customers on the Internet, ensure the privacy and the integrity of the data exchanged.

There are several ways to do this:

By encrypting data transfers.
By using certificates to sign data transfers.

For information about encryption methods provided in Directory Server, see Section 9.6.2.10, “Password Storage Schemes”

For information about signing data, see Section 9.9, “Securing Server Connections”.

For information about encrypting sensitive information as it is stored in the Directory Server database, see Section 9.8, “Database Encryption”

9.2.3. Conducting Regular Audits

As an extra security measure, conduct regular audits to verify the efficiency of the overall security policy by examining the log files and the information recorded by the SNMP agents.

For more information about SNMP, refer to the Red Hat Directory Server Administrator's Guide. For more information about log files and SNMP, see the Red Hat Directory Server Administrator's Guide.

9.2.4. Example Security Needs Analysis

The examples provided in this section illustrate how the imaginary ISP company "example.com" analyzes its security needs.

example.com's business is to offer web hosting and Internet access. Part of example.com's activity is to host the directories of client companies. It also provides Internet access to a number of individual subscribers.

Therefore, example.com has three main categories of information in its directory:

example.com internal information
Information belonging to corporate customers
Information pertaining to individual subscribers

example.com needs the following access controls:

Provide access to the directory administrators of hosted companies (example_a and example_b) to their own directory information.
Implement access control policies for hosted companies' directory information.
Implement a standard access control policy for all individual clients who use example.com for Internet access from their homes.
Deny access to example.com's corporate directory to all outsiders.
Grant read access to example.com's directory of subscribers to the world.