348 Chapter 5 • Communication Security: Web Based Services
S/FTP establishes a tunnel between the FTP client and the server, and
transmits data between them using encryption and authentication that is
based on digital certificates. It uses port 22.
LDAP Security
LDAP clients can use anonymous authentication, where they aren't
required to provide a password, or simple authentication, where passwords
are sent unencrypted before the client is allowed access to the directory.
To ensure security, LDAPS can be used to send authentication information
encrypted.
Authentication information is sent from the client to the server as part of
a “bind” operation, while closing the connection is part of an “unbind”
operation.
LDAP can be used over SSL/TLS, which extends security. LDAPS
encrypts connections using SSL/TLS.
LDAP uses TCP/UDP port 389 and LDAPS uses port 636. Blocking
these ports from the Internet prevents those outside of the internal
network from listening or making connections to these ports.
LDAP-enabled Web servers can handle authentication centrally, using the
LDAP directory. This means users will only need a single login name and
password for accessing all resources that use the directory.
LDAP is vulnerable to various security threats, including spoofing of
directory services, as well as attacks against the databases that provide the
directory services and many of the other attack types that can be launched
against other types of services (for example, viruses, OS and protocol
exploits, excessive use of resources and DoS attacks, and so on).
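
The points above about simple authentication and the "bind" operation can be checked on the wire. The following is an added example, not code from the book: it parses an LDAP BindRequest (BER encoding as defined in RFC 4511) the way a sensor on port 389 would see it, and reports whether a password crossed the network unencrypted. The sample packets, the DN and the helper names are constructed for illustration.

```python
# Added example: classify LDAP BindRequests seen in cleartext on port 389.
# BER layout per RFC 4511; all sample data below is constructed.

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(packet):
    """Describe the bind in one LDAPMessage without returning the password."""
    tag, msg, _ = read_tlv(packet, 0)       # LDAPMessage ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(msg, 0)      # messageID INTEGER
    op_tag, body, _ = read_tlv(msg, pos)
    if op_tag != 0x60:                      # [APPLICATION 0] = BindRequest
        return {"op": "other"}
    _, _version, pos = read_tlv(body, 0)
    _, name, pos = read_tlv(body, pos)      # bind DN
    auth_tag, cred, _ = read_tlv(body, pos)
    if auth_tag == 0x80:                    # [0] simple: the value IS the password
        auth = "simple" if cred else ("anonymous" if not name else "unauthenticated")
        exposed = len(cred)
    else:                                   # 0xA3 = [3] SASL credentials
        auth, exposed = ("sasl" if auth_tag == 0xA3 else "unknown"), 0
    return {"op": "bind", "dn": name.decode("utf-8", "replace"),
            "auth": auth, "cleartext_password_bytes": exposed}

def ber(tag, value):                        # encoder for the short constructed samples
    return bytes([tag, len(value)]) + value

def bind_request(dn, auth_element):         # hypothetical helper building test packets
    body = ber(0x02, b"\x03") + ber(0x04, dn) + auth_element
    return ber(0x30, ber(0x02, b"\x01") + ber(0x60, body))

SIMPLE = bind_request(b"cn=alice,dc=example,dc=com", ber(0x80, b"S3cret!"))
ANONYMOUS = bind_request(b"", ber(0x80, b""))
SASL = bind_request(b"", ber(0xA3, ber(0x04, b"GSSAPI")))
```

On an LDAPS connection (port 636) the same sensor sees only TLS records, so a non-zero `cleartext_password_bytes` count on port 389 identifies clients that still need to be moved to LDAPS.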
www.syngress.com