3.5.3.9.1 Directory Services (Page 2 of 3)

Lightweight Directory Access Protocol (LDAP)

The most common protocol in use today for retrieval of information from directory services is the Lightweight Directory Access Protocol (LDAP), discussed in a prior section. LDAP requires port 389 to be open on your firewall if you want to allow LDAP-based Directory Service traffic between your internal LDAP server and other hosts on the Internet. To enable your internal hosts to query an LDAP server which sits outside your firewall, open port 389 in the outbound direction. To enable clients on the Internet to query an LDAP server on your internal network, open port 389 in the inbound direction.

Most common directory services, such as Microsoft Active Directory (which stores the security policy information for the network and its users, among other things), Novell eDirectory (the service formerly known as NDS), Netscape iPlanet and OpenLDAP (an open-source project) communicate via LDAP.

As you probably guessed by now, the usual caveats apply about running with the most up-to-date security patches and secure configuration settings. Since configuration settings are vendor-specific, see your vendor for details. For nice overviews of Active Directory and NDS, including security tips for NDS, see Directory Services Design, Implementation, and Management [380] by Nancy Cox.
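The inbound/outbound distinction above can be checked against an existing rule set. The following is an added example, not part of the original guide: it audits rules in iptables-save format for port 389 and reports the direction each rule opens. The choice of iptables, the interface name eth0 as the Internet-facing side, and the sample rules and addresses are all assumptions constructed for illustration.

```python
import shlex

LDAP_PORT = "389"
# Constructed sample in iptables-save format (assumption: a Linux iptables
# firewall with eth0 facing the Internet; addresses are documentation ranges).
SAMPLE_RULES = """\
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp -m tcp --dport 389 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -d 192.0.2.10/32 -p tcp -m tcp --dport 389 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -s 198.51.100.0/24 -d 192.0.2.10/32 -p tcp -m tcp --dport 389 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -p tcp -m tcp --dport 80 -j ACCEPT
"""
OPTS = {"-i": "in_if", "-o": "out_if", "-s": "src", "-d": "dst",
        "-p": "proto", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Map one '-A CHAIN ...' line to a dict (negation and multiport not handled)."""
    rule = {"src": "any", "dst": "any"}
    tokens = shlex.split(line)
    for i, tok in enumerate(tokens[:-1]):
        if tok in OPTS:
            rule[OPTS[tok]] = tokens[i + 1]
    return rule

def audit_ldap(rules_text, external_if="eth0"):
    """Return (line_no, direction, src, dst, note) for every ACCEPT rule on port 389."""
    findings = []
    for n, line in enumerate(rules_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        if r.get("dport") != LDAP_PORT or r.get("target") != "ACCEPT":
            continue
        # Traffic arriving on the external interface is inbound; the rest is outbound.
        direction = "inbound" if r.get("in_if") == external_if else "outbound"
        if direction == "inbound" and r["src"] == "any":
            note = "any Internet host may query the internal LDAP server"
        elif direction == "inbound":
            note = "inbound LDAP limited to source " + r["src"]
        else:
            note = "internal hosts may query external LDAP servers"
        findings.append((n, direction, r["src"], r["dst"], note))
    return findings

if __name__ == "__main__":
    for finding in audit_ldap(SAMPLE_RULES):
        print(finding)
```

The second inbound rule in the sample shows the narrower form: the same port, opened only to a known client network rather than to every source.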
__________________
380. Cox, Nancy, Directory Services Design, Implementation and Management, Digital Press, December, 2001, http://www.nerdbooks.com/item.html?id=1555582621
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.