University of Twente Student Theses


An internet-wide analysis of TLS configurations of public LDAP servers

Monteiro, S.C. (2021) An internet-wide analysis of TLS configurations of public LDAP servers.

[img] PDF
Abstract:LDAP is a protocol designed for querying and updating directory structures over IP. A common use case for the protocol is storing sensitive information such as passwords, creating a potential target for attackers. Despite this, we find no prior research quantifying the presence of public LDAP servers on the internet or investigating the security of these servers. This research investigates both of these points by performing an internet-wide scan for LDAP servers on well-known ports 389 and 636 and analyzing the TLS configurations of a sample of found instances. We discover over 6.6 million open ports, and observe over 29 thousand valid LDAP banners in our sample. We find major differences between port 389 and 636 in terms of preferred cipher suites and the validity of presented certificates. Some of our findings are encouraging from a security standpoint, while others leave to be desired.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page