Security Solutions

Security considerations are especially important for directory servers - since they contain sensitive data such as user passwords, and are the basis for authentication and authorization within an enterprise. Special care must be taken to ensure data security at all times. This is especially true when part of the data needs to be shared with other organizations or departments.

Many organizations use Symlabs Virtual Directory Server to provide a comprehensive LDAP security solution that allows these organizations to share data in a safe and efficient way. Symlabs Virtual Directory Server comes with a complete set of security features, namely:

• Access Control
• LDAP Firewall and Denial-of-Service Protection
• Identity Audit and Compliance

Solution

Access Control

In order to control access to sensitive information stored in directory servers, Symlabs Virtual Directory Server has developed the most comprehensive access control module available on the market. Access control rule-sets can be created using very finely-grained statements to the granularity of specific attributes. These access controls can be defined for individual entries, groups of entries or entire sub-trees.

"Symlabs Virtual Directory Server is the most comprehensive solution to secure and protect the integrity of your data."

LDAP Firewall

When organizations need to share data with other organizations, it is often necessary to expose the directory on a network accessible to the outside, also known in network terms as a DMZ (de-militarized zone). This raises additional security concerns, because hosts on a DMZ are significantly more vulnerable to certain types of network attacks than servers on an internal network that are not connected to the outside.

Symlabs Virtual Directory Server is a complete LDAP Firewall solution and provides several mechanisms to protect against outside attacks against directory servers. One type of attack commonly found on the Internet is based on malformed packets that expose bugs in certain vendor's directory servers, such as buffer overflows that are then exploited by potential hackers to gain control of the system. By safely decoding and re-encoding every packet, Symlabs Virtual Directory Server prevents abusive attacks using malformed network packets.

Denial-of-Service Protection

Denial-of-Service attacks are common on the Internet. These attacks try to disable a service by attempting to overflow it with massive bogus requests. Symlabs Virtual Directory Server is well suited to prevent those attacks by using a special technology based on prioritization of requests, and throttling.

Identity Audit and Compliance

Identity auditing is an important cornerstone of compliance with government regulations, such as the Sarbanes-Oxley act in the US. At any time, it must be possible to check who accessed which resource. Symlabs Virtual Directory Server has comprehensive logging facilities, and can detect and log accesses based on requests from access management services or other resources that use a directory for authentication and authorization.