CertiGuide to Security+, Chapter 2: Communication Security (Domain 2.0; 20%), Section 2.4 Directory
2.4.2  LDAP

LDAP, the Lightweight Directory Access Protocol, is the most common directory access protocol in use. It implements a tree-structured directory and is a subset of X.500; this lightweight subset was first specified in RFC 1487 in 1993. Nobody implements X.500 completely because it is too much of a monster, so in 1995 RFC 1777 defined LDAPv2.

LDAP uses TCP port 389. Open it on your firewall in the inbound direction if you want to allow LDAP-based directory service traffic between your internal LDAP server and other hosts on the Internet, and in the outbound direction if users behind your firewall need to query an LDAP server located outside your network, on the Internet. Most common directory services, such as Microsoft Active Directory (which stores the security policy information for the network and its users, among other things), Novell eDirectory (the service formerly known as NDS), Netscape iPlanet and OpenLDAP (an open-source project), communicate via LDAP.

As noted above, one issue with LDAP-based directory services is that queries and responses can be sent across the network in unencrypted form.

LDAP Specifications

LDAP (Lightweight Directory Access Protocol) is the most popular directory access protocol.

It implements a tree-structured directory and is based on the X.500 standard.

LDAP uses TCP port 389. To receive and respond to LDAP queries made from hosts on the Internet, open this port on your firewall, in the inbound direction.

If you are concerned about sensitive information from your directory being captured from your LAN via packet-sniffing, consider running LDAP over SSL/TLS to encrypt the directory service traffic, or using another type of encryption provided by your directory service.
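The sniffing risk described above, as an added example that is not part of the CertiGuide text: a small decoder for an LDAPv3 BindRequest (BER encoding per RFC 4511) plus the check a network monitor could apply to flag a password crossing the LAN unprotected. The DN and password in the sample are constructed, and port 636 for LDAP over SSL/TLS is an assumption not stated on the page.

```python
# Added example, not CertiGuide code: decode an LDAPv3 BindRequest (RFC 4511 BER) to show
# why the guide recommends SSL/TLS. A simple bind on plain port 389 carries DN and password
# as cleartext octet strings, readable by any LAN sniffer. Sample bytes are constructed here.
from typing import Optional

LDAPS_PORT = 636  # LDAP over SSL/TLS; assumed standard port, not stated on the page

def ber_tlv(buf: bytes, pos: int) -> tuple:
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (n length bytes follow)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_request(msg: bytes) -> Optional[dict]:
    """Decode an LDAPMessage; return bind details, or None if not a BindRequest."""
    tag, body, _ = ber_tlv(msg, 0)
    if tag != 0x30:                         # LDAPMessage is a SEQUENCE
        return None
    _, msg_id, pos = ber_tlv(body, 0)       # messageID INTEGER
    tag, op, _ = ber_tlv(body, pos)
    if tag != 0x60:                         # bindRequest is [APPLICATION 0], constructed
        return None
    _, version, pos = ber_tlv(op, 0)        # version INTEGER
    _, dn, pos = ber_tlv(op, pos)           # name LDAPDN (OCTET STRING)
    auth_tag, cred, _ = ber_tlv(op, pos)    # AuthenticationChoice
    if auth_tag == 0x80:                    # [0] simple: the password itself
        auth = {"mechanism": "simple", "password": cred.decode()}
    else:                                   # [3] SaslCredentials; not decoded further
        auth = {"mechanism": "sasl"}
    return {"message_id": int.from_bytes(msg_id, "big"),
            "version": int.from_bytes(version, "big"), "dn": dn.decode(), "auth": auth}

def cleartext_password_exposed(dst_port: int, msg: bytes, starttls: bool = False) -> bool:
    """True if this bind sends a non-empty password without SSL/TLS protection."""
    bind = parse_bind_request(msg)
    if bind is None or dst_port == LDAPS_PORT or starttls:
        return False
    return bind["auth"]["mechanism"] == "simple" and bind["auth"]["password"] != ""

def encode_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """Build a BindRequest as a client would (short-form lengths, values < 128 bytes)."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val
    op = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, op))

# Constructed sample: exactly the bytes a sniffer would capture on port 389.
SAMPLE_BIND = encode_simple_bind(1, "cn=admin,dc=example,dc=com", "secret")
```

An anonymous bind (empty DN and password) is not flagged, since nothing secret is exposed; a SASL bind is left for a fuller decoder.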

In addition to using LDAP to look up directory information, you can use it to distribute public key information, or as an authentication service in the way RADIUS, TACACS+, Kerberos or NIS are used.



CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.