Concept of LDAP Signing in Windows Server 2008
By Dave Brown
Jan 8, 2010 - 4:26:57 PM
A system connected to the Internet is exposed to many threats, such as impersonation of a legitimate user, man-in-the-middle attacks, intruder interception and many more. These threats can disrupt your work and can also be used to steal your personal information, so it is necessary to take precautions against them.
Server security therefore needs to be improved. The security of any directory server can be improved by rejecting Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing. Unsigned network traffic is susceptible to many attacks, man-in-the-middle attacks among them. In such an attack an intruder captures information travelling between client and server, modifies it, and then forwards it to the server. If the server involved is an LDAP server, it can then be made to act on forged requests.
On Windows Server, when unsigned SASL LDAP binds or LDAP simple binds are performed over a non-SSL/TLS connection, the server logs a summary event 2888 once every 24 hours. In this situation, use Group Policy on the Windows Server to require signing. Follow these steps:
On the Windows Server, click Start, click Run, type mmc.exe, and then click OK. On the File menu, click Add/Remove Snap-in. In the Add or Remove Snap-in dialog box, click Group Policy Management Editor, and then click Add. In the Select Group Policy Object dialog box, click Browse. In the Browse for a Group Policy Object dialog box, click Default Domain Policy under the Domains, OUs and linked Group Policy Objects area, and then click OK. Click Finish, and then click OK.
When you have performed all the steps above, expand Default Domain Controller Policy. Then expand Computer Configuration, Policies and Windows Settings. After this, expand Security Settings, then Local Policies, and then Security Options.
Right-click Domain controller: LDAP server signing requirements, and then click Properties. In the Domain controller: LDAP server signing requirements Properties dialog box, enable Define this policy setting, select Require signing in the Define this policy setting drop-down list, and then click OK. Click Yes in the Confirm Setting Change dialog box.

If you need any type of Windows Server support, you can look to iYogi, a global leader in providing technical solutions.
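To confirm that the Require signing setting from the steps above has reached a domain controller, the following check can be run on it in an elevated PowerShell session. It is an added example, not part of the original article: the function names are hypothetical, the registry value name LDAPServerIntegrity is not mentioned in the article, and the default event ID is the 2888 the article cites.

```powershell
# Added example (not from the article). Run on a domain controller, elevated.

function Get-LdapSigningState {
    # Registry value written by the policy
    # "Domain controller: LDAP server signing requirements".
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $raw = (Get-ItemProperty -Path $key -Name 'LDAPServerIntegrity' `
                -ErrorAction SilentlyContinue).LDAPServerIntegrity

    # Only the value 2 means "Require signing"; anything else, including a
    # missing value, is reported as not enforced.
    if ($null -eq $raw) { $shown = '(not set)' } else { $shown = $raw }

    New-Object PSObject -Property @{
        LDAPServerIntegrity = $shown
        RequireSigning      = ($raw -eq 2)
    }
}

function Get-LdapSigningSummaryEvent {
    param(
        [int[]]$EventId = 2888,   # summary event named in the article
        [int]$Days = 7            # look-back window (assumption)
    )
    $filter = @{
        LogName   = 'Directory Service'
        Id        = $EventId
        StartTime = (Get-Date).AddDays(-$Days)
    }
    # Get-WinEvent raises an error when nothing matches; suppress it so an
    # empty result simply prints nothing.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

$state = Get-LdapSigningState
$state | Format-List
if (-not $state.RequireSigning) {
    Write-Warning 'LDAP signing is not required on this domain controller.'
}
Get-LdapSigningSummaryEvent | Format-List
```

Group Policy is applied on the next refresh, so run `gpupdate /force` on the domain controller first if the setting was changed only moments ago.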
Dave Brown is a content writer at iYogi Technical Services, which provides server support services including Microsoft Windows 2003 Server and virtual private network server support for small business servers and organisations having windows server