Security issues with implementing and deploying the LDAP directory system.

Presented at Black Hat USA 1999, July 8, 1999, 1:30 p.m. (60 minutes).

The popularity of LDAP is increasing and is thus resulting in it's rapidly replacing NIS, Radius and tacacs and other authentication services. Unfortunately, as will most new technologies, many site are failing to instigate proper security measures when deploying this new technology.

Common errors and assumptions will me discussed as well as techniques used by network intruders to compromise LDAP servers and related systems and harvest data.


Presenters:

  • Peter Shipley - KPGM
    Peter Shipley Is an consultant in the San Francisco's Bay Area with over thirteen years experience n the Computer Security field. Currently working for KPMG LLP. out of the San Jose/Silicon Valley office with the title of "Chief Security Officer". Mr. Shipley is one of the few individuals who is well known and respected in the professional world as well as the underground/hacker community. He has extensive experience in system and network security as well as programming and project design. Mr. Shipley past accomplishments include first in depth research into the security aspects of wardialing, designing and implanting the first automated network security scanner, among other accomplishments. Mr. Shipley's specialties are third party penetration testing and firewall review, computer risk assessment, and security training. Mr. Shipley also performs post-intrusion analysis as well as expert witness testimony.
  • Tom Jackiewicz
    Tom wants to be sitting in the bathtub of my suite at Mandarin Oriental after watching my super model girlfriend give new insight into number theory in front of everyone at Berkeley. He wants to be driving a 900 series BMW, wearing an Armani suit and GUCCI loafers while talking to his broker on his cellular phone. And while he's doing that, he wants to think of all the great projects that he has been involved with during my career.

Similar Presentations: