There are several security issues to consider:
- Encrypting the connection to the DND server.
- Protecting the password against sniffing.
- Password quality checks.
- Administrative access to the DND server.
- The security of the underlying DND database.
Encrypted Network Connections
The DND server supports both SSL and non-SSL connections. Querying or modifying publicly visible attributes does not strictly require SSL, but for privacy we now recommend that all clients routinely use SSL connections.
Even if the connection is not SSL-encrypted, the DND supports authentication mechanisms that protect the password against sniffing. Note that these mechanisms protect only the password: on a non-SSL connection the rest of the session (queries, results, and any attribute values written) still crosses the network in the clear.
Authentication Methods - Protecting the Password
The DND supports a variety of standard authentication mechanisms. In all cases, the guiding principle is that user password information is never sent unencrypted across the network.
In rough order of preference, supported mechanisms are:
- SSL client certificate (CERT command).
- CRAM-MD5 challenge/response (AUTH_MD5/PASS_MD5 command).
- Kerberos4 ticket (KRB4 command).
- Name/Password over SSL connection (PASS command).
The following authentication method is deprecated and should not be used:
- AppleShare-style DES-based random number challenge/response. It uses the password directly as a DES key, which limits passwords to eight characters, and DES itself is no longer considered adequate.
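The following is an added illustration of the challenge/response idea behind the CRAM-MD5 mechanism listed above; it is not DND code, and the DND's own AUTH_MD5/PASS_MD5 command syntax is not shown on this page, so the message layout here follows generic RFC 2195 CRAM-MD5. The user database, host name and function names are assumptions for the example. It shows both sides of the exchange, that the password itself never appears on the wire, and that a captured response cannot be replayed against a fresh challenge.

```python
import hashlib
import hmac
import secrets
import time

# Constructed credential store. CRAM-MD5 verification needs the cleartext
# password (or an HMAC-MD5 keyed intermediate) on the server, which is one
# reason the back-end database must be guarded as tightly as the server.
USER_DB = {"alice": "correct horse battery staple"}


def server_challenge(host="dnd.example.org"):
    """Server -> client: a fresh, unpredictable challenge in the RFC 2195
    style '<random.timestamp@host>'. Unpredictability is what defeats replay."""
    return f"<{secrets.token_hex(8)}.{int(time.time())}@{host}>".encode()


def client_response(username, password, challenge):
    """Client -> server: the user name and HMAC-MD5(password, challenge).
    Only the keyed digest crosses the wire; the password itself never does."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def server_verify(response, challenge, user_db=USER_DB):
    """Server side: recompute the digest for the challenge it issued and
    compare in constant time. Returns True only for a valid proof."""
    try:
        username, digest = response.split(" ", 1)
    except ValueError:
        return False
    password = user_db.get(username)
    if password is None:
        # Do the same amount of work for unknown users so the timing of a
        # rejection does not reveal whether the name exists.
        hmac.new(b"no-such-user", challenge, hashlib.md5).hexdigest()
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def demo():
    """One legitimate exchange, then what a passive sniffer can do with it."""
    challenge = server_challenge()
    response = client_response("alice", USER_DB["alice"], challenge)
    ok = server_verify(response, challenge)

    # The sniffer saw `challenge` and `response` but not the password ...
    password_on_wire = USER_DB["alice"] in response
    # ... and replaying the captured response against a new challenge fails.
    replay_ok = server_verify(response, server_challenge())
    return ok, password_on_wire, replay_ok


if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The trade-off this makes visible is the one the Database Security section below turns on: the server can check the proof only because it holds the password (or an equivalent keyed intermediate), so a sniffer-proof mechanism on the wire does nothing to protect a readable back-end.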
Password Quality Checks
The DND can be configured to enforce password quality checks, such as requiring a minimum length or disallowing dictionary words. The DND itself does not enforce password expiration, but it does automatically maintain a "last password change" date so that applications can enforce their own expiration policies.
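As an added example (not the DND's own implementation), here is the shape of the two checks the paragraph describes: a quality check applied when a password is set, and an expiration check an application can build from the "last password change" date the DND maintains. The word list, the substitution table, the 8-character minimum, the 180-day maximum age and the function names are all assumptions for the example; a real deployment would read a full dictionary and its own policy values.

```python
import re
from datetime import date, timedelta

# Constructed stand-in for a real word list such as /usr/share/dict/words.
DICTIONARY = {"password", "dartmouth", "secret", "welcome", "letmein", "qwerty", "dragon"}

# Common substitutions a dictionary check should see through.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def _strip_ends(s):
    """Drop leading/trailing digits and punctuation: 'welcome2024' -> 'welcome'."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def candidate_forms(pw):
    """Return the variants compared against the dictionary, so that
    'P@ssw0rd', 'Welcome2024' and 'Secret!' are all caught."""
    low = pw.lower()
    leet = low.translate(LEET)
    return {low, leet, _strip_ends(low), _strip_ends(leet), _strip_ends(low).translate(LEET)}


def check_password(pw, username="", min_length=8, dictionary=DICTIONARY):
    """Quality check at password-change time. Returns a list of violations;
    an empty list means the password is acceptable."""
    problems = []
    if len(pw) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if candidate_forms(pw) & dictionary:
        problems.append("is a dictionary word (possibly with digits or substitutions)")
    if username and username.lower() in pw.lower():
        problems.append("contains the user name")
    return problems


def password_expired(last_change, today, max_age_days=180):
    """Expiration is the application's job: the DND records only the
    'last password change' date, so the application compares that date
    against its own maximum age."""
    return (today - last_change) > timedelta(days=max_age_days)


if __name__ == "__main__":
    for pw in ("P@ssw0rd", "Welcome2024", "Secret!", "correct horse battery staple"):
        print(pw, check_password(pw, username="alice"))
    print(password_expired(date(2024, 1, 1), date(2024, 9, 1)))
```

The point of `candidate_forms` is that a dictionary check which compares the raw string is nearly useless; trailing digits and character substitutions are the first things users reach for, so the check has to normalise them away before the lookup.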
Administrative Access
Access to control connections is granted only to users who have AUTH permission (in the PERM field of the user record). This permission should be granted sparingly, since it allows the holder to see or change any part of the DND database. A higher level of access (DBA permission) is required to grant AUTH permission to others.
Administrators connect directly to the DND server process, either over an SSH connection (terminal-based) or over an SSL connection from the DNDGui administrative tool. All administrative operations are logged for auditing.
Database Security
Securing the back-end database is critical to the security of the DND as a whole. Filesystem permissions on the database files and the LDAP or Oracle administrative accounts (depending on the back-end in use) need to be carefully scrutinized: anyone who can read the back-end directly can read whatever the server stores there, and anyone who can write it can alter user records, including the PERM field, without going through the server at all. Directly modifying the underlying database (text file, LDAP, or Oracle) is strongly discouraged because it bypasses the DND server's consistency checks.