University of Twente Student Theses


An Empirical Study of Directory Service Dependencies

Othmer, Benjamin (2023) An Empirical Study of Directory Service Dependencies.

[img] PDF
Abstract:In this paper, an empirical analysis of LDAP services and their security-relevant properties as well as their concentration around the most popular service providers was conducted, by investigating scans of the Internet contained in snapshots of the months of 2022 in the Censys Universal Internet Dataset (CUID). "Off-the-shelf" data sets like the CUID provide researchers with new and prospective data, allowing further avenues of research into this topic. After processing, extracting, and categorizing the CUID data pertaining to LDAP services, we observed a high amount of weak TLS implementations and an overall bad security posture. Additionally, we observed that outdated and weak TLS versions and ciphers are being updated and replaced, but at a slow rate. We found a concentration of services around multiple large service providers in the United States, while LDAP services deployed in Europe concentrate on a few large ones. Services concentrate on service providers offering cloud- and customer-oriented solutions. A high number of possibly outsourced services and an indication of worse TLS deployment practices at providers with a high emphasis on customer-dependant implementations, such as cloud-oriented service implementations, can be seen. Limitations of the current CUID dataset, like a lack of TLS data concerning services deployed on port 389 were identified. Finally, data such as the CUID offers new avenues of research, and further properties of LDAP services over time could be investigated in (more extensive) future work.
Item Type:Essay (Bachelor)
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science BSc (56964)
Link to this item:
Export this item as:BibTeX
HTML Citation
Reference Manager


Repository Staff Only: item control page