Each Advanced Network Configuration object in a directory is described by a set of attributes. Examples include
name, address, email, or manager name. Access control lists (ACLs) and marking
attributes confidential are two commonly practiced techniques to protect
attribute data in a directory from ordinary users. In general, however, directories
are used to share information, and rarely enforce access controls beyond
simple user authentication (only users with accounts on the system may access
the data). An insider threat, someone with authorized access, could potentially
retrieve personal information about every object in the directory. The malicious
activities possible with such information could include selling information to
competing companies, foreign governments, or spammers, or, even worse, the
targeted attack of specific individuals within the company, such as domain-level
administrators. Such targeted attacks are known as context-aware attacks, or
spear phishing.