Wednesday, February 13, 2008

WebDAV Vulnerability Worst of Four Windows Flaws « Bardissi Enterprises Blog

As a lot of us know, there are some serious DoS (denial of service) issues with AD. AD just isn't fully LDAP compatible; that's the bottom line in my book. If I have to interface AD to multiple sources outside its Microsoft-designed use (inside the NOS), I recommend using a virtual directory to protect AD. LDAP packets such as those described below, and other causes of DoS, can be dealt with.

Quoted from http://bardissi.wordpress.com/2008/02/12/webdav-vulnerability-worst-of-four-windows-flaws/:

12 February, 2008

MS08-003: Active Directory Denial of Service Vulnerability

Active Directory is the Windows component that provides central authentication and authorization services for Windows computers. Active Directory runs on Windows servers, but also on Windows clients as the Active Directory Application Mode (ADAM) service. Microsoft’s security bulletin warns of an unspecified Denial of Service (DoS) vulnerability involving the way Active Directory handles specially crafted LDAP packets. By sending a malicious LDAP request, a remote attacker could exploit this vulnerability to cause your Windows computer to lock up or to reboot. The attacker could repeatedly exploit this vulnerability to keep your Windows machines offline for as long as he could sustain this attack. However, most administrators don’t allow LDAP traffic (TCP ports 389 and 3268) through their perimeter firewall. Therefore, this vulnerability primarily poses an internal threat.
Microsoft rating: Important.

Wednesday, February 6, 2008

Oracle Virtual Directory Webinar

I thought I would share an interesting recent webinar from Oracle on their virtual directory (OVD).

You can view the recording here.

This is the first time I've mentioned a product by name and referenced a particular company. I try to stay as neutral as possible, perhaps out of habit due to my role of helping customers decide. I usually give at least two options for any decision and list the pros and cons.

This webinar is a little generic, although I was able to get in a couple questions which the moderator answered decently. OVD certainly has a place in the marketplace and a specific role.

If you want an introduction at a high-level for what a virtual directory can do for you, this is a great resource so check it out.

What OVD doesn't do is offer solutions to more complex integration problems that you can face that require more feature sets, which Oracle will gladly provide to you, of course, at an additional price, as part of their IdM Suite, such as synchronization capabilities, data modeling, provisioning services, and more...