[Network Administration]: Some Notes on Security

Before moving on, I’ll put some notes here on security. Basically, there really isn’t any. At some point, if someone really wants to get in, they’re going to. Hopefully, it won’t be malicious, and it won’t be that easy, but unless you’re completely isolated from the internet, I just don’t see any way that a machine can be completely secure. Possibly the best way is to try to stay out ahead. There are some things that can make things harder for an intruder. Probably the best way is to really limit the number of network services, especially those that are less secure. The fewer unneeded services running, the less visibility on the network. Also, I don’t have my KDC or LDAP server directly accessible from the internet. Of course, all of this means that it’s all less accessible to me, but that’s something that I can live with. Also, there is a very limited set of users who have access.
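One way to check the two points above (few listening services, KDC and LDAP kept off outward-facing interfaces) is to audit the output of `ss -Htuln`. This is an added example, not code from the original post. The sample lines, the expected-service list and the address 192.168.10.5 are constructed, and flagging a wildcard bind on a Kerberos or LDAP port is an assumption about what "not directly accessible" should look like on the host.

```python
import ipaddress

# Well-known ports for the services the post names (Kerberos KDC and LDAP).
SENSITIVE = {88: "kerberos", 464: "kpasswd", 749: "kadmin", 389: "ldap", 636: "ldaps"}
WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed sample of `ss -Htuln` output (not taken from a real host).
SAMPLE = """\
tcp LISTEN 0 128  0.0.0.0:22       0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 128  192.168.10.5:389 0.0.0.0:*
tcp LISTEN 0 128  [::]:636         [::]:*
udp UNCONN 0 0    0.0.0.0:88       0.0.0.0:*
tcp LISTEN 0 5    *:8080           *:*
tcp LISTEN 0 128  [::1]:631        [::]:*
"""
# Assumed allowlist of (protocol, port) pairs this host is meant to offer.
EXPECTED = {("tcp", 22), ("tcp", 389), ("tcp", 636), ("udp", 88)}

def parse_local(field):
    """Split the Local Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    return host.strip("[]").split("%")[0], int(port)  # drop brackets and %iface

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*" is not an address
        return False

def audit(ss_output, expected):
    """Return (proto, host, port, reason) for each listener worth a look."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        # ss omits the Netid column when only one socket type is requested.
        proto = fields[0] if fields[0] in ("tcp", "udp") else "tcp"
        host, port = parse_local(fields[-2])
        if is_loopback(host):
            continue  # only reachable from the machine itself
        if port in SENSITIVE and host in WILDCARDS:
            findings.append((proto, host, port, SENSITIVE[port] + " bound to all interfaces"))
        elif (proto, port) not in expected:
            findings.append((proto, host, port, "unexpected listener"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(*finding)
```

A listener bound to one internal address still needs a firewall rule in front of it; this only reports what the host itself is offering.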
[Network Administration]: LDAP Directory Service – Backend

I have my authentication service up with the Kerberos services. Next I need a service to perform authorization. This will determine what services are granted once authentication has been performed. For this I'm using an LDAP directory. LDAP stands for Lightweight Directory Access Protocol, a protocol for accessing a directory. The actual implementation that I'm using is OpenLDAP, which is an open source implementation of the LDAP directory server, running on a Linux machine. The directory is searchable and can contain all types of information that conform to a specified set of schemas.