Webinar 1.2 - LDAP Systems and Good Practices

Uploaded by

Kirsa Hernandez
LDAP Systems and Good Practices

Djambo Matamoros, IBM XFTM Blue Squad Lead


Raul, Raul Morales Viquez, SIEM Administrator

SkillsBuild Partner
JUNE 2023
Introduction to LDAP

What is LDAP?
LDAP stands for Lightweight Directory Access Protocol, a protocol used to manage and access directory information.

Working of LDAP
LDAP works by providing a directory of information that can be consulted by network applications.

LDAP vs DNS
LDAP is more flexible than DNS, which can only be used to manage IP addresses.
Introduction to LDAP

What is the LDAP port?
389 TCP/UDP – Unencrypted
636 TCP – Encrypted

Working of LDAP
Lightweight Directory Access Protocol is used to maintain directories of users and other objects.

LDAP SSL/TLS
LDAP is used to maintain directories of users and other objects over an encrypted Secure Sockets Layer or Transport Layer Security SSL/TLS connection.
What is LDAP and How Does It Work?

LDAP Client
The LDAP client is an application that allows users to access the LDAP directory.

LDAP Directory
The LDAP directory is a database that stores information about users and network resources.

LDAP Server
The LDAP server is responsible for managing the LDAP directory, storing and retrieving information as requested.
Directory Services

Map resource names to their corresponding network addresses, allowing discovery of and communication with devices, files, users, or any other asset.

Objects
Organizational Units
Group Policies
Hierarchical Database
Forests, trees, Domains

Directory Services that support LDAP
DC = com

DC = example

OU = people

cn = jsmith

DN : cn=jsmith, ou=people, dc=example, dc=com
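
The DN above is written leaf-first, while the tree on the slide is drawn root-first. The following Python sketch is an added example, not part of the original webinar: it splits a DN into RDNs following the RFC 4514 string form (including escaped commas), returns the root-first path, and checks whether an entry sits under a given base. The function names are hypothetical; multi-valued RDNs (joined with +) are not handled, and case-insensitive value comparison is an assumption.

```python
import string

def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])          # keep the escape pair together
            i += 2
        elif dn[i] == ",":
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(dn[i])
            i += 1
    return parts + ["".join(buf)]

def unescape(value):
    """Decode RFC 4514 escapes: \\2C style hex pairs and \\, style literals."""
    out, i = bytearray(), 0
    while i < len(value):
        pair = value[i + 1:i + 3]
        if value[i] != "\\" or i + 1 == len(value):
            chunk, step = value[i].encode(), 1
        elif len(pair) == 2 and all(c in string.hexdigits for c in pair):
            chunk, step = bytes([int(pair, 16)]), 3
        else:
            chunk, step = value[i + 1].encode(), 2
        out += chunk
        i += step
    return out.decode("utf-8")

def parse_dn(dn):
    """Return [(attribute, value), ...] leaf-first, in the order the DN is written."""
    rdns = []
    for rdn in split_rdns(dn):
        attr, eq, value = rdn.lstrip().partition("=")   # tolerate ", " as on the slide
        if not eq or not attr.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append((attr.strip().lower(), unescape(value)))
    return rdns

def tree_path(dn):  # root-first path, matching the top-down tree on the slide
    return [f"{a}={v}" for a, v in reversed(parse_dn(dn))]

def is_under(dn, base):
    """True when dn is at or below base, compared RDN by RDN (assumes case-insensitive values)."""
    d, b = ([(a, v.lower()) for a, v in parse_dn(x)] for x in (dn, base))
    return len(b) <= len(d) and d[len(d) - len(b):] == b
```

Comparing parsed RDNs avoids the false match that a plain string suffix check gives for ou=notpeople against a base of ou=people.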


What is Active Directory?

A Directory Service
Active Directory is a network directory service that contains information about users, groups, resources, and other network objects.

A Centralized Data Store
It provides a centralized data store for managing network resources and makes network administration simpler for administrators.

A Scalable Solution
Active Directory is scalable and can support millions of objects and thousands of domains, making it suitable for organizations of all sizes.
Components of Active Directory

Domains
Domains are the core components of Active Directory. They define administrative and security boundaries, and each domain contains objects such as users, groups, and computers.

Organizational Units (OUs)
OUs are used to organize and manage objects within domains. They enable delegation of administrative authority and granular control of Group Policy settings.

Trust Relationships
Trust relationships enable users in one domain to access resources in another domain. They provide a way to share resources across domains.

Domain Controllers
The primary function of domain controllers is to authenticate and validate users on a network, including group policies, user credentials, and computer names to determine and validate user access.
Trust Domains

One-way Trust
One domain allows access to users on another domain, but the other domain does not allow access to users on the first domain.

Two-way Trust
Two domains allow access to users on both domains.

Trusted Domain
The domain that is trusted; whose users have access to the trusting domain.

Transitive Trust
Trust relationships enable users in one domain to access resources in another domain. They provide a way to share resources across domains.

Intransitive (non-transitive) Trust
A one way trust that does not extend beyond two domains.
Benefits of using Active Directory

Centralized Management
Active Directory provides a centralized location to manage resources, which simplifies network administration.

Single Sign-On
Users can easily access multiple network resources with a single set of credentials, making it easier to manage authentication and

Group Policy Management
Group policies provide a mechanism to configure and manage settings for users and computers across your network.
How to manage Active Directory?

Server Manager
Use Server Manager to manage Active Directory, where you can manage servers, roles, and features, and configure network settings.

Active Directory Administrative Center
This tool provides a graphical user interface to manage Active Directory, where you can create, delete, modify, or move objects within the directory.

Regular Meetings
Hold regular meetings with your team and stakeholders to discuss the performance of your Active Directory, address issues, and plan for the future.
Best practices for Active Directory implementation

Plan your design
Before implementing Active Directory, plan the domain design, OU structure, and group policy strategy. This will prevent issues later on.

Secure domain controllers
Implement security best practices for domain controllers, like enabling firewalls, antivirus, and regular patching.

Monitor performance
Monitor the performance of your domain controllers and servers to detect and prevent issues and improve efficiency.

Regular Maintenance
Perform regular maintenance tasks, like backing up the system state data, verifying the domain operation, and removing inactive accounts.
Access Control Systems
LDAP Integration
Examples
LDAP Commands

LDAP Linux commands
ldapadd
ldapmodify
ldapsearch
ldapbind
ldapdelete
ldapmoddn

Active Directory LDAP queries
Get-ADUser
Get-ADComputer
Get-ADGroup
Get-ADObject
Best Practices

The Security+ Certification provides a foundational knowledge of cybersecurity concepts and techniques, including threat identification, risk mitigation, and network security.

Security threats
Explore the most common security threats from insider threats to social engineering and how to mitigate them.

Risk mitigation
Discover methods for assessing and reducing risk, including vulnerability scanning and penetration testing.

Network security protocols
Understand the various network security protocols such as firewalls, intrusion detection systems, and virtual private networks.
Data Encryption Techniques

Asymmetric encryption
Understand how asymmetric encryption uses a public key for encryption and a private key for decryption.

Symmetric encryption
Learn how symmetric encryption uses the same key for both encryption and decryption.

Hashing
Explore how hashing is used for data integrity checks, digital signatures, and other security applications.

Methods for Identifying and Mitigating Risks

Vulnerability management
Discover how to use vulnerability scanning and patch management to identify and mitigate risks.

Penetration testing
Understand how the process of penetration testing simulates an attack to identify vulnerabilities in the system.

Security information and event management (SIEM)
Learn how SIEM systems can help identify security incidents in real-time by analyzing logs and events from various sources.

Disaster recovery
Explore ways to plan and execute a disaster recovery strategy that can help you quickly recover systems and data in case of data loss and system failures.
Best Practices for Implementing Security Measures

Identity and Access Management (IAM)
Learn about the best practices for implementing IAM that includes strong authentication techniques and password policies.

Physical Security
Understand the measures organizations can take to secure physical infrastructure such as buildings, data centers, and offices.

Compliance
Explore the best practices for ensuring compliance with industry regulations and standards such as HIPAA, PCI-DSS, and GDPR.


The Power of SSO and MFA

Learn how single sign-on (SSO) and multi-factor authentication (MFA) can
maximize security and improve user experience. Join us as we explore the
differences, advantages, and best practices for implementation and
usage.
Single Sign-On (SSO)

Definition
Allows users to securely authenticate once and access multiple applications and services without further login prompts.

Benefits
Enhances user experience, improves productivity, and cuts down help desk costs.

Implementation
Choose an SSO platform or build in-house, integrate with applications through SAML, OpenID or OAuth.

Best Practices
Use complex passwords and monitor usage, limit access to sensitive information, streamline provisioning and deprovisioning.
Multi-Factor Authentication (MFA)

What is it?
A security measure that requires users to provide two or more means of identification (e.g. password, fingerprint, security token, or facial recognition) to verify their identity.

Why use it?
Provides an additional layer of protection, decreasing the risk of unauthorized access and data breaches.

Implementation
1. Evaluate the risks and decide which factors to use;
2. Select an MFA provider or build in-house;
3. Integrate with applications and services;
4. Educate employees on how to use the system.

Best Practices
Choose strong authentication factors, configure risk-based authentication policies, enforce regular password changes, monitor user activity and audit trails.
Differences between SSO and MFA

Users
SSO: Only one set of credentials for multiple apps.
MFA: Multiple authentication factors for one app.

Security
SSO: One authentication point is vulnerable to attack.
MFA: Multiple factors decrease the risk of unauthorized access.

Applications
SSO: Access to all web and mobile applications.
MFA: Used for specific high-risk applications.

User Experience
SSO: Seamless access to multiple apps; fewer login prompts.
MFA: Two or more authentication factors can disrupt user experience.
Advantages and Disadvantages of SSO

Advantages
Improved user experience, increased productivity, and streamlined authentication.

Disadvantages
One point of failure, potential security risk, and difficulty implementing in-house.
Advantages and Disadvantages of MFA

Advantages
Enhanced security, reduced risk, and audit trails for compliance.

Disadvantages
Increased complexity, disruption to user experience, and higher costs for multiple authentication factors.
How to Implement SSO and MFA

SSO
Choose an SSO platform, integrate with applications, provide training to employees, and monitor usage and security.

MFA
Select MFA provider or in-house building, configure policies, integrate with applications, educate employees, and monitor performance and usage.
Best Practices for SSO and MFA Usage

Password Management
Require complex passwords, enforce password policies, and use password managers.

Identity & Access Management
Define roles and permissions, restrict access to sensitive data, and audit user access.

Continuous Review & Improvement
Conduct regular security scans, monitor logs, track user activity trends, and evaluate success metrics.
