CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [135]

network resources. The more current methods treat data and other network resources as objects. This object-oriented approach allows information to be stored and accessed based on certain characteristics or attributes.

Real World Scenario

Where Did All These Strange IP Addresses Originate?

Some of your computer users have suddenly started calling you to report that after rebooting their systems, they can no longer access network services or the Internet. After investigating the situation, you discover that the IP addresses they’re using are not valid for your network: they are well-formed IP addresses, but they don’t belong to your network’s address range. You’ve inspected your DHCP server and can’t find a reason for this. What should you investigate next?

You should investigate whether someone has configured another server or device in your network with an active DHCP server. If so, the illicit DHCP server is now leasing addresses to the users in place of your server. Alternatively, the systems can’t reach your DHCP server at all and are falling back to an Automatic Private IP Addressing (APIPA) address.

This typically happens when administrators or developers are testing pilot systems. Make sure all test systems are isolated from your production network, either by a router or by some other mechanism. Such servers are referred to as rogue servers, and they can cause a great deal of confusion in a DHCP environment.
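The two symptoms described in this scenario, leases handed out by a server that isn’t yours and clients that fell back to an APIPA address, can both be spotted by auditing DHCP activity against what the network is supposed to look like. The following is an added example, not code from the study guide: it parses a constructed, simplified log of DHCP offers (the line format, the authorised server address 10.0.5.1 and the production block 10.0.0.0/16 are assumptions for illustration) and flags offers from unauthorised servers, addresses outside the production range, and APIPA fallback.

```python
"""Audit DHCP offers for the rogue-server and APIPA symptoms described above.

Added example, not code from the study guide. The log format below is an
assumption made for illustration; real input would come from a DHCP server
log or a packet capture of DHCP traffic.
"""
import ipaddress
import re

# Constructed sample log (not real data). Assumed one record per line:
# <time> OFFER client=<mac> ip=<offered-ip> server=<server-ip>
# <time> ADDR  client=<mac> ip=<address-in-use> server=-   (client's own address)
SAMPLE_LOG = """\
09:01:02 OFFER client=00:11:22:33:44:55 ip=10.0.5.23 server=10.0.5.1
09:01:05 OFFER client=00:11:22:33:44:66 ip=192.168.77.10 server=192.168.77.1
09:01:09 OFFER client=00:11:22:33:44:77 ip=10.0.5.24 server=10.0.5.1
09:02:30 ADDR  client=00:11:22:33:44:88 ip=169.254.12.9 server=-
this line is not a DHCP record
"""

# Assumed site-specific values: the only DHCP server that should be leasing,
# and the address block that belongs to the production network.
AUTHORISED_DHCP_SERVERS = {ipaddress.ip_address("10.0.5.1")}
PRODUCTION_NETWORK = ipaddress.ip_network("10.0.0.0/16")
# Link-local range a client self-assigns (APIPA) when no DHCP server answers.
APIPA = ipaddress.ip_network("169.254.0.0/16")

LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<kind>OFFER|ADDR)\s+client=(?P<mac>\S+)"
    r"\s+ip=(?P<ip>\S+)\s+server=(?P<server>\S+)$"
)


def parse_line(line):
    """Parse one record into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["ip"] = ipaddress.ip_address(rec["ip"])
        rec["server"] = (None if rec["server"] == "-"
                         else ipaddress.ip_address(rec["server"]))
    except ValueError:
        return None  # malformed address: treat as unparseable rather than crash
    return rec


def classify(rec, authorised=AUTHORISED_DHCP_SERVERS, network=PRODUCTION_NETWORK):
    """Return the list of symptoms a single record exhibits (possibly empty)."""
    findings = []
    if rec["ip"] in APIPA:
        findings.append("apipa_fallback")       # client never got a lease at all
    elif rec["ip"] not in network:
        findings.append("foreign_address")      # well-formed, but not our block
    if rec["server"] is not None and rec["server"] not in authorised:
        findings.append("rogue_dhcp_server")    # lease came from an unknown server
    return findings


def audit(log_text):
    """Return (finding, client_mac, ip, server) tuples for every symptom found."""
    report = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for finding in classify(rec):
            report.append((finding, rec["mac"], str(rec["ip"]), str(rec["server"])))
    return report


def rogue_servers(log_text):
    """Distinct server identifiers seen leasing addresses that are not authorised."""
    return sorted({srv for f, _, _, srv in audit(log_text) if f == "rogue_dhcp_server"})


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row)
    print("rogue DHCP servers:", rogue_servers(SAMPLE_LOG))
```

The server identifier is the key field: an offer whose address is in the right range but comes from an unlisted server is still a rogue, which is why the two checks are kept separate.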

In addition to creating and storing data, directory services must publish appropriate data to users. Perhaps the best way to visualize this function is to think of it as the yellow and white pages of a business phone directory. A business wants its name and phone number published in a list that’s in alphabetical order. The business also likely wants its name listed in one or more categories in the directory. If you were a computer consultant, you might want your name and phone number listed under computer consultants, computer trainers, and other areas. This is what a directory can accomplish for you.

Most directory services have implemented a model of hierarchy similar to the one illustrated in Figure 5.7. This hierarchy allows an object to be uniquely identified to directory users.

Security for directory services is critical, and it’s typically accomplished by using both authentication and access control. You wouldn’t want your directory entry to show up just anywhere, would you?

The following sections briefly describe some of the directory services used in networking today. LDAP, Active Directory, and eDirectory are becoming more widely used and are sure to become even more targeted for misuse in the future.

FIGURE 5.7 Directory structure showing unique identification of a user

Lightweight Directory Access Protocol

Lightweight Directory Access Protocol (LDAP) is a standardized directory access protocol that allows queries to be made of directories (specifically, pared-down X.500-based directories). If a directory service supports LDAP, you can query that directory with an LDAP client. LDAP is growing in popularity and is used extensively in online white and yellow pages.

LDAP is the main access protocol used by Active Directory (discussed next). It operates, by default, at port 389. The LDAP syntax uses commas between names.
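To make the comma-separated syntax concrete, here is an added example (not the study guide’s code) that parses a distinguished name, the full-path name LDAP and Active Directory use to identify each object, into its components and checks whether an object sits under a given container. It goes slightly beyond the text by handling the escaping rules of RFC 4514 (a backslash protects a comma or other special character, and `\XX` is a hex-encoded byte); the sample DNs and the container names are constructed.

```python
"""Parse an LDAP distinguished name (comma-separated RDNs) and test subtree membership.

Added example, not from the study guide. Escaping follows RFC 4514: a backslash
protects special characters such as ',' '+' '"' '\\' and spaces, and '\\XX' is a
hex-encoded byte (byte sequences decode as UTF-8). Multi-valued RDNs ('a=1+b=2')
are kept as a single value here, which is a simplification.
"""
import re

HEX_PAIR = re.compile(r"\\([0-9A-Fa-f]{2})")


def split_dn(dn):
    """Split on commas that are not escaped; returns raw RDN strings."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])   # keep the escape pair intact for later decoding
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _trim(s):
    """Drop surrounding spaces, but keep a trailing space that is escaped."""
    s = s.lstrip(" ")
    while s.endswith(" ") and not s.endswith("\\ "):
        s = s[:-1]
    return s


def unescape_value(raw):
    """Decode RFC 4514 escapes in an attribute value."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            m = HEX_PAIR.match(raw, i)
            if m:                      # \XX -> one raw byte
                out.append(int(m.group(1), 16))
                i += 3
            else:                      # \c -> the literal character c
                out += raw[i + 1].encode("utf-8")
                i += 2
            continue
        out += raw[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")


def parse_dn(dn):
    """Return [(TYPE, value), ...] from the most specific RDN outward."""
    rdns = []
    for raw in split_dn(dn):
        raw = _trim(raw)
        if raw == "":
            if dn.strip() == "":
                continue               # the empty DN names the root
            raise ValueError("empty RDN in %r" % dn)
        attr, sep, value = raw.partition("=")
        if not sep or not attr.strip():
            raise ValueError("malformed RDN %r" % raw)
        rdns.append((attr.strip().upper(), unescape_value(_trim(value))))
    return rdns


def is_under(dn, base_dn):
    """True if dn lies at or below base_dn. Types and values are compared
    case-insensitively, a simplification of LDAP's per-attribute matching rules."""
    target = [(t, v.lower()) for t, v in parse_dn(dn)]
    base = [(t, v.lower()) for t, v in parse_dn(base_dn)]
    return len(base) <= len(target) and target[len(target) - len(base):] == base


if __name__ == "__main__":
    dn = "CN=Smith\\, John,OU=Sales,DC=example,DC=com"   # constructed sample
    print(parse_dn(dn))
    print(is_under(dn, "dc=example,dc=com"))
```

Splitting on every comma would break a name like `Smith\, John` into two bogus components, so the parser walks the string and honours escapes before it decides where one name ends and the next begins; a subtree check built on the parsed components is what an access-control rule of the form "only objects under this OU" should rely on.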
Active Directory

Microsoft implemented a directory service called Active Directory (AD) with Windows 2000. For Microsoft products, AD is the backbone for all security, access, and network implementations. AD gives administrators full control of resources. It’s a proprietary directory service that provides services for other directory services, such as LDAP. One or more servers manage AD functions; these servers are connected in a tree structure that allows information to be shared or controlled through the entire AD structure.

In conjunction with Active Directory, LDAP uses four different name types:

Distinguished Name A Distinguished Name (DN) exists for every object in AD. These values must be unique; no two objects may share a DN. This is the full path of the object,
