Distributed security management using LDAP directories

Presently, many companies share business information by interconnecting their networks through the Internet. However, this advanced degree of connectivity also increases the network security management complexity. Most of this complexity results form the need of controlling the connectivity of each network with respect to the others and the Internet. Also, it is necessary to take into account changes on users, shared resources and services, not only in the local network, but also in the interconnected networks. Because of these changes, network administrators are systematically confronted with firewall and other network elements reconfiguration. This paper proposes the use of a LDAP global directory service to simplify the task of managing the security in large-scale networks. By taking advantage of the distributed features of directory services, the paper defines a strategy for managing a group of interconnected networks as a single entity, without removing the administration autonomy of each independent network.