CertiGuide to Security+  9  Chapter 2:  Communication Security (Domain 2.0; 20%)       9  2.4  Directory

2.4  Directory 1 2.4.2  LDAP

Secure Sockets Layer (SSL), and its more flexible successor, Transport Layer Security (TLS)²²², described in RFC 2246²²³, are popular standards for encryption of Internet communications, which operate just above TCP/IP²²⁴. They were discussed in general in section 2.3.1.

SSL and TLS also have specific application in the area of directory services.

Information provided by directory services can include sensitive details about the enterprise and its network configuration – types of data that you wouldn’t want an attacker with a network packet sniffer to have. Therefore, many directory services can make use of encryption when sending data back and forth between directory service client and server.

If your directory service supports an encrypted communication path, use it. If you’re using vanilla LDAP, consider moving to LDAP over TLS, which provides such encryption.

2.4  Directory 1 2.4.2  LDAP