None of the options presented can be used to secure an LDAP service against anonymous queries. However, one possible solution is to disable anonymous binds and require clients to authenticate before issuing any LDAP queries. This can be done by configuring the LDAP server to require simple bind authentication for all clients. Additionally, some LDAP servers may also support more advanced authentication methods such as SASL (Simple Authentication and Security Layer) or SSL/TLS (Secure Sockets Layer/Transport Layer Security) which can provide additional security against unauthorized access.
Enumeration Countermeasures
LDAP Enumeration Countermeasures:By default, LDAP traffic is transmitted unsecured (Port 389); therefore, use Secure Sockets Layer (SSL) or STARTTLS technology to encrypt the traffic (Port 636).
Use NTLM or any basic authentication mechanism to limit access to legitimate users. (P.494/478)
RADIUS is an authentication server (and protocol)! I don't understand what are you people talking about here, why NTLM (born as MS tech) is the correct answer? Why not RADIUS? I am confused but I am for sure going for RADIUS.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
[Removed]
Highly Voted 3 years, 1 month agoMeroMaro
Highly Voted 3 years, 3 months agoDpsypher
2 years, 9 months agosunce12
Most Recent 5 months, 1 week agovictorfs
1 year, 6 months agoMuli_70
1 year, 6 months agoTimebear
1 year, 7 months agoDaniel8660
2 years, 1 month agotinkerer
2 years, 2 months agorabrown813
2 years, 3 months agoLigeti15
2 years, 4 months agoCHANh1990mar
2 years, 5 months agola144
2 years, 8 months agoQudaz
2 years, 9 months agoAPOLLO1113
2 years, 10 months agoVibe
2 years, 10 months agoAjaxFar
2 years, 10 months agoegz21
2 years, 11 months ago