Overview of Security Methods134 Netscape Directory Server Deployment Guide • August 2002Overview of Security MethodsDirectory Server offers a number of methods that you can use to design an overallsecurity policy that is adapted to your needs. Your security policy should be strongenough to prevent sensitive information from being modified or retrieved byunauthorized users while simple enough to administer easily. A complex securitypolicy can lead to mistakes that either prevent people from accessing informationthat you want them to access or, worse, allow people to modify or retrievedirectory information that you do not want them to access.Directory Server provides the following security methods:• Authentication—A means for one party verifies another’s identity. Forexample, a client gives a password to Directory Server during an LDAP bindoperation.• Password policies—Defines the criteria that a password must satisfy to beconsidered valid, for example, age, length, and syntax.• Encryption—Protects the privacy of information. When data is encrypted, it isscrambled in a way that only the recipient can understand.• Access control—Tailors the access rights granted to different directory users,and provides a means of specifying required credentials or bind attributes.• Account inactivation—Disables a user account, group of accounts or an entiredomain so that all authentication attempts are automatically rejected.• Signing with SSL—Maintains the integrity of information. If information issigned, the recipient can determine that it was not tampered with duringtransit.• Auditing—Allows you to determine if the security of your directory has beencompromised. For example, you can audit the log files maintained by yourdirectory.These tools for maintaining security can be used in combination in your securitydesign. You can also use other features of the directory such as replication and datadistribution to support your security design.Selecting Appropriate Authentication MethodsA basic decision you need to make regarding your security policy is how usersaccess the directory. Will you allow anonymous access, or will you require everyperson who uses your directory to bind to the directory?