Oracle Directory Server Enterprise Edition Deployment Planning Guide 11g Release 1 (11.1.1.5.0)
7. Identifying Security Requirements
A security policy must be able to prevent sensitive information from being modified or retrieved by unauthorized users, yet remain easy enough to administer.
Directory Server Enterprise Edition provides the following security methods:
Authentication. Provides a means for one party to verify another’s identity. For example, a client gives a password to Directory Server during an LDAP bind operation. As part of the authentication process, password policies define the criteria that a password must satisfy to be considered valid, for example, age, length, and syntax. Account inactivation disables a user account, group of accounts, or an entire domain so that all authentication attempts are automatically rejected.
Encryption. Protects the privacy of information. When data is encrypted, the data is scrambled in a way that only the recipient can decode. The Secure Sockets Layer (SSL) maintains data integrity by encrypting information in transit. If encryption and message digests are applied to the information being sent, the recipient can determine that the information was not tampered with during transit. Attribute encryption maintains data integrity by encrypting stored information.
Access control. Tailors the access rights that are granted to different directory users, and provides a means of specifying required credentials or bind attributes.
Auditing. Enables you to determine if the security of your directory has been compromised. For example, you can audit the log files maintained by your directory.
These security tools can be used in combination in your security design. You can also use other features of the directory, such as replication and data distribution, to support your security design.