SlideShare uma empresa Scribd logo

Kerberos

Transferir como PPT, PDF
Prafull Johri
Prafull Johri

Network authentication protocol

Tecnologia
1 de 14
KERBEROS
What is Kerberos? • Net wor k aut hent icat ion prot ocol • Developed at MI T in t he mid 1980s • Available as open sour ce or in suppor t ed commer cial sof t war e
Why Kerberos? • Sending usernames and passwords in t he clear j eopardizes t he securit y of t he net work. • Each t ime a password is sent in t he clear, t here is a chance f or int ercept ion.
Firewall vs. Kerberos • Fir ewalls make a risky assumpt ion: t hat at t acker s are coming f r om t he out side. I n realit y, at t acks f requent ly come f rom wit hin. • Kerberos assumes t hat net wor k connect ions (r at her t han ser vers and wor k st at ions) are t he weak link in net wor k secur it y.
Design Requirement s • I nt eract ions bet ween host s and client s should be encrypt ed. • Must be convenient f or users (or t hey won’t use it ). • Prot ect against int ercept ed credent ials.
Crypt ography Approach • Privat e Key: Each part y uses t he same secr et key t o encode and decode messages. • Uses a t rust ed t hir d par t y which can vouch f or t he ident it y of bot h par t ies in a t ransact ion. Secur it y of t hir d par t y is imperat ive.
How does Kerberos work? • I nst ead of client sending password t o applicat ion ser ver : – Request Ticket f rom aut hent icat ion server – Ticket and encrypt ed request sent t o applicat ion server • How t o request t icket s wit hout repeat edly sending credent ials? – Ticket granting ticket (TGT)
How does Kerberos work?: Ticket Grant ing Ticket s
How does Kerberos work?: The Applicat ion Server
Applicat ions • Aut hent icat ion • Aut horizat ion • Conf ident ialit y • Wit hin net works and small set s of net works
Weaknesses and Solut ions I f TGT st olen, can be used t o access net work services. Only a problem unt il t icket expires in a f ew hours. Subj ect t o dict ionary at t ack. Timest amps require hacker t o guess in 5 minut es. Very bad if Aut hent icat ion Server compromised. Physical prot ect ion f or t he server.
The Compet it ion: SSL SSL Kerberos Uses public key encryption Uses private key encryption Is certificate based (asynchronous) Relies on a trusted third party (synchronous) Ideal for the WWW Ideal for networked environments Key revocation requires Revocation Server to keep track of bad certificates Key revocation can be accomplished by disabling a user at the Authentication Server Certificates sit on a users hard drive (even if they are encrypted) where they are subject to being cracked. Passwords reside in users' minds where they are usually not subject to secret attack. Uses patented material, so the service is not free. Netscape has a profit motive in wide acceptance of the standard. Kerberos has always been open source and freely available.
Limit at ion: Scalabilit y • Recent modif icat ions at t empt t o address t his problem • Public key crypt ography f or Client Aut hent icat ion and cross realm aut hent icat ion • I ssues are not resolved
THANKYOU

Recomendados

Kerberos protocol
Kerberos protocolKerberos protocol
Kerberos protocolAjit Dadresa
 
Kerberos
KerberosKerberos
KerberosMohanasundaram Nattudurai
 
Kerberos explained
Kerberos explainedKerberos explained
Kerberos explainedDotan Patrich
 
Using Kerberos
Using KerberosUsing Kerberos
Using Kerberosanusachu .
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Kerberos ppt
Kerberos pptKerberos ppt
Kerberos pptOECLIB Odisha Electronics Control Library
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authenticationSuraj Singh
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 

Recomendados

Kerberos protocol
Kerberos protocolKerberos protocol
Kerberos protocolAjit Dadresa
 
Kerberos
KerberosKerberos
KerberosMohanasundaram Nattudurai
 
Kerberos explained
Kerberos explainedKerberos explained
Kerberos explainedDotan Patrich
 
Using Kerberos
Using KerberosUsing Kerberos
Using Kerberosanusachu .
 
Kerberos
KerberosKerberos
KerberosSutanu Paul
 
Kerberos ppt
Kerberos pptKerberos ppt
Kerberos pptOECLIB Odisha Electronics Control Library
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authenticationSuraj Singh
 
Kerberos
KerberosKerberos
KerberosRahul Pundir
 
Kerberos
KerberosKerberos
KerberosSparkbit
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Kerberos case study
Kerberos case studyKerberos case study
Kerberos case studyMayuri Patil
 
Kerberos (1)
Kerberos (1)Kerberos (1)
Kerberos (1)Ana Salas Elizondo
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windowsniteshitimpulse
 
Kerberos
KerberosKerberos
KerberosRafatSamreen
 
Kerberos
KerberosKerberos
KerberosSudeep Shouche
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Kerberos presentation
Kerberos presentationKerberos presentation
Kerberos presentationChris Geier
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to KerberosShumon Huque
 
kerberos
kerberoskerberos
kerberossameer farooq
 
SSO with kerberos
SSO with kerberosSSO with kerberos
SSO with kerberosClaudia Rosu
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
Kerberos
KerberosKerberos
KerberosChaitanya Ram
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To KerberosIshan A B Ambanwela
 
Kerberos
KerberosKerberos
KerberosIAM IAM
 
Gunaspresentation1
Gunaspresentation1Gunaspresentation1
Gunaspresentation1anchalaguna
 
Rakesh raj
Rakesh rajRakesh raj
Rakesh rajDBNCOET
 
Kerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsKerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsArunangshu Bhakta
 
gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2Anne Starr
 
gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2Anne Starr
 

Mais conteúdo relacionado

Mais procurados

Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication ProtocolBibek Subedi
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication ApplicationVidulatiwari
 
Kerberos case study
Kerberos case studyKerberos case study
Kerberos case studyMayuri Patil
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windowsniteshitimpulse
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificatesStephane Potier
 
Kerberos presentation
Kerberos presentationKerberos presentation
Kerberos presentationChris Geier
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to KerberosShumon Huque
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
Kerberos
KerberosKerberos
KerberosIAM IAM
 
Gunaspresentation1
Gunaspresentation1Gunaspresentation1
Gunaspresentation1anchalaguna
 
Rakesh raj
Rakesh rajRakesh raj
Rakesh rajDBNCOET
 
Kerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsKerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsArunangshu Bhakta
 

Mais procurados (20)

Kerberos
KerberosKerberos
Kerberos
 
Kerberos Authentication Protocol
Kerberos Authentication ProtocolKerberos Authentication Protocol
Kerberos Authentication Protocol
 
Kerberos : An Authentication Application
Kerberos : An Authentication ApplicationKerberos : An Authentication Application
Kerberos : An Authentication Application
 
Kerberos case study
Kerberos case studyKerberos case study
Kerberos case study
 
Kerberos (1)
Kerberos (1)Kerberos (1)
Kerberos (1)
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windows
 
Kerberos
KerberosKerberos
Kerberos
 
Kerberos
KerberosKerberos
Kerberos
 
An introduction to X.509 certificates
An introduction to X.509 certificatesAn introduction to X.509 certificates
An introduction to X.509 certificates
 
Kerberos presentation
Kerberos presentationKerberos presentation
Kerberos presentation
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to Kerberos
 
kerberos
kerberoskerberos
kerberos
 
SSO with kerberos
SSO with kerberosSSO with kerberos
SSO with kerberos
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
 
Kerberos
KerberosKerberos
Kerberos
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To Kerberos
 
Kerberos
KerberosKerberos
Kerberos
 
Gunaspresentation1
Gunaspresentation1Gunaspresentation1
Gunaspresentation1
 
Rakesh raj
Rakesh rajRakesh raj
Rakesh raj
 
Kerberos and its application in cross realm operations
Kerberos and its application in cross realm operationsKerberos and its application in cross realm operations
Kerberos and its application in cross realm operations
 

Semelhante a Kerberos

gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2Anne Starr
 
gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2Anne Starr
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2Anne Starr
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSUtku Sen
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat ManagementTapas Shome
 
In the Wake of Kerberoast
In the Wake of KerberoastIn the Wake of Kerberoast
In the Wake of Kerberoastken_kitahara
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network SecurityUC San Diego
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AlivePositive Hack Days
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
kerb.ppt
kerb.pptkerb.ppt
kerb.pptJdQi
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11Waqas Ahmed Nawaz
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfThangDang53
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay aliveqqlan
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveDefconRussia
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)NCC Group
 

Semelhante a Kerberos (20)

gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2gkk20211e4djwew4dSecurity essentials domain 2
gkk20211e4djwew4dSecurity essentials domain 2
 
gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2gkk_2021123rg5hSecurity essentials domain 2
gkk_2021123rg5hSecurity essentials domain 2
 
gkkSecurity essentials domain 2
gkkSecurity essentials domain 2gkkSecurity essentials domain 2
gkkSecurity essentials domain 2
 
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDSNormalizing Empire's Traffic to Evade Anomaly-Based IDS
Normalizing Empire's Traffic to Evade Anomaly-Based IDS
 
Unified Threat Management
Unified Threat ManagementUnified Threat Management
Unified Threat Management
 
Topic22
Topic22Topic22
Topic22
 
Securityic2
Securityic2Securityic2
Securityic2
 
Myles firewalls
Myles firewallsMyles firewalls
Myles firewalls
 
In the Wake of Kerberoast
In the Wake of KerberoastIn the Wake of Kerberoast
In the Wake of Kerberoast
 
Workshop on Network Security
Workshop on Network SecurityWorkshop on Network Security
Workshop on Network Security
 
How to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay AliveHow to Hack a Telecom and Stay Alive
How to Hack a Telecom and Stay Alive
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
kerb.ppt
kerb.pptkerb.ppt
kerb.ppt
 
Wi-Fi Security Fundamentals
Wi-Fi Security FundamentalsWi-Fi Security Fundamentals
Wi-Fi Security Fundamentals
 
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
 
lecture 7.pptx
lecture 7.pptxlecture 7.pptx
lecture 7.pptx
 
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdfITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
 
How to hack a telecom and stay alive
How to hack a telecom and stay aliveHow to hack a telecom and stay alive
How to hack a telecom and stay alive
 
Sergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay aliveSergey Gordeychik - How to hack a telecom and stay alive
Sergey Gordeychik - How to hack a telecom and stay alive
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)
 

Último

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontologyjohnbeverley2021
 

Último (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 

Kerberos

  • 2. What is Kerberos? • Net wor k aut hent icat ion prot ocol • Developed at MI T in t he mid 1980s • Available as open sour ce or in suppor t ed commer cial sof t war e
  • 3. Why Kerberos? • Sending usernames and passwords in t he clear j eopardizes t he securit y of t he net work. • Each t ime a password is sent in t he clear, t here is a chance f or int ercept ion.
  • 4. Firewall vs. Kerberos • Fir ewalls make a risky assumpt ion: t hat at t acker s are coming f r om t he out side. I n realit y, at t acks f requent ly come f rom wit hin. • Kerberos assumes t hat net wor k connect ions (r at her t han ser vers and wor k st at ions) are t he weak link in net wor k secur it y.
  • 5. Design Requirement s • I nt eract ions bet ween host s and client s should be encrypt ed. • Must be convenient f or users (or t hey won’t use it ). • Prot ect against int ercept ed credent ials.
  • 6. Crypt ography Approach • Privat e Key: Each part y uses t he same secr et key t o encode and decode messages. • Uses a t rust ed t hir d par t y which can vouch f or t he ident it y of bot h par t ies in a t ransact ion. Secur it y of t hir d par t y is imperat ive.
  • 7. How does Kerberos work? • I nst ead of client sending password t o applicat ion ser ver : – Request Ticket f rom aut hent icat ion server – Ticket and encrypt ed request sent t o applicat ion server • How t o request t icket s wit hout repeat edly sending credent ials? – Ticket granting ticket (TGT)
  • 8. How does Kerberos work?: Ticket Grant ing Ticket s
  • 9. How does Kerberos work?: The Applicat ion Server
  • 10. Applicat ions • Aut hent icat ion • Aut horizat ion • Conf ident ialit y • Wit hin net works and small set s of net works
  • 11. Weaknesses and Solut ions I f TGT st olen, can be used t o access net work services. Only a problem unt il t icket expires in a f ew hours. Subj ect t o dict ionary at t ack. Timest amps require hacker t o guess in 5 minut es. Very bad if Aut hent icat ion Server compromised. Physical prot ect ion f or t he server.
  • 12. The Compet it ion: SSL SSL Kerberos Uses public key encryption Uses private key encryption Is certificate based (asynchronous) Relies on a trusted third party (synchronous) Ideal for the WWW Ideal for networked environments Key revocation requires Revocation Server to keep track of bad certificates Key revocation can be accomplished by disabling a user at the Authentication Server Certificates sit on a users hard drive (even if they are encrypted) where they are subject to being cracked. Passwords reside in users' minds where they are usually not subject to secret attack. Uses patented material, so the service is not free. Netscape has a profit motive in wide acceptance of the standard. Kerberos has always been open source and freely available.
  • 13. Limit at ion: Scalabilit y • Recent modif icat ions at t empt t o address t his problem • Public key crypt ography f or Client Aut hent icat ion and cross realm aut hent icat ion • I ssues are not resolved