deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-19 16:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into live

Browse Source
This commit is contained in:
LizRoss 2017-02-16 10:37:52 -08:00
commit 7390290d17
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/keep-secure/domain-controller-ldap-server-signing-requirements.md
View File

@ -22,9 +22,9 @@ This policy setting determines whether the Lightweight Directory Access Protocol
Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. In the case of an LDAP server, this means that a malicious user can cause a client device to make decisions based on false records from the LDAP directory. You can lower the risk of a malicious user accomplishing this in a corporate network by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) Authentication Header mode, which provides mutual authentication and packet integrity for IP traffic, can make all types of man-in-the-middle attacks extremely difficult. Unsigned network traffic is susceptible to man-in-the-middle attacks, where an intruder captures packets between the server and the client device and modifies them before forwarding them to the client device. In the case of an LDAP server, this means that a malicious user can cause a client device to make decisions based on false records from the LDAP directory. You can lower the risk of a malicious user accomplishing this in a corporate network by implementing strong physical security measures to protect the network infrastructure. Furthermore, implementing Internet Protocol security (IPsec) Authentication Header mode, which provides mutual authentication and packet integrity for IP traffic, can make all types of man-in-the-middle attacks extremely difficult.
This setting does not have any impact on LDAP simple bind or LDAP simple bind through SSL. This setting does not have any impact on LDAP simple bind through SSL (LDAP TCP/636).
If signing is required, then LDAP simple bind and LDAP simple bind through SSL requests are rejected. If signing is required, then LDAP simple binds not using SSL are rejected (LDAP TCP/389).
>**Caution:**  If you set the server to Require signature, you must also set the client device. Not setting the client device results in loss of connection with the server. >**Caution:**  If you set the server to Require signature, you must also set the client device. Not setting the client device results in loss of connection with the server.