subject: H1- Concept of LDAP signing in Windows Server 2008 [print this page] Author: Dave Brown Author: Dave Brown
If you are working on Internet, then your system can be stuck in many threats. These threats can be like impersonation of legitimate user, man-in-the-middle attack, intruder interception and many more. These threats will not let you perform your work easily. They can also steal your personal information. So, it is necessary to take precautions from these attacks. Now, the requirement of improving the safety of servers should be fulfilled. The security of any directory server can be improved by refusing Simple Authentication and Security Layer (SASL) LDAP binds that do not call for signing. Unsigned network traffic is sensitive for many attacks. This network is sensitive for man-in-the-middle attacks. In these attacks an intruder takes information between client and server, after that it modifies that information and then forwards it to the server. If the server involved in above case is LDAP server, then it can make forged requests also. In the Windows Server, when unsigned SASL LDAP binds or LDAP simple binds over a non-SSL/TLS connection, then the Windows server will perform a summary event 2888 one time every 24hours. In this situation, you have to use group policy on Windows Server, follow these steps to perform this: On the Windows Server, click Start. Then click Run, type mmc.exe, and then click OK. Then on the File menu, click Add/Remove Snap-in. After this, in the Add or Remove Snap-in dialog box, click Group Policy Management Editor, click Add. Then you will view Select Group Policy Object dialog box, click Browse. In the Browse for a Group Policy Object dialog box, click Default Domain Policy under the Domains, OUs and linked Group Policy Objects area and then click OK. After this you have to click on Finish.Then Click on OK. When you had performed all the steps mentioned above, then expand Default Domain Controller Policy. Then expand Computer Configuration, expand Policies, expand Windows Settings. After this, expand Security Settings, expand Local Policies and then expand Security Options. Then you have to right-click on Domain controller, chose LDAP server signing requirements and then click Properties. In the Domain controller, select LDAP server signing requirements Properties dialog box. After this, enable Define this policy setting, click to select Require signing in the Define this policy setting drop-down list and then click OK. Then click yes in the Confirm Setting Change dialog box. If you need in any type of windows server support, then you can look forward to iYogi, a global leader in providing technical solutions.About the Author:
Dave Brown is a content writer at Iyogi Technical Services which provides server support services including Microsoft windows 2003 server, and virtual private network server support for small businesses servers and organisations having windows server.
