Kerberos - a Single Sign-on Network Security Tool
Have you ever worked in an environment where 10 or more different user credentials and passwords are required for different applications and services.What if, the number of applications and user credentials are even more? This situation may lead to
i. Diffculty in user management
ii. Difficulty in authentication between client and server or between two different applications.
iii.Difficulty for user in remembering so many password/ PIN/ Tokens and user credentials.
Earlier authentication protocol like Hyper Text Transfer protocol (HTTP) was able to one way authenticate the user.It was silent about authentication of server. Chances of spoofing was always there and because of this the need for dual authentication was felt and the concept of Single sign-on came. Kerberos is one such Single Sign-on concept.As an Information Security Expert or an as an IS Auditor one should know the following important points about kerberos.
1. Kerberos is a Single Sign-on tool which is used to protect networks and related resources.
2. Kerberos work in Open Network Environment (ONE) which is sometimes also known as Distributed Computing Environment(DCE) and manages authentication in diverse environment.
3.In kerberos both client and server are authenticated.
4.Purpose of kerberos is to avoid spoofed attacks
5.Important components/ parts of kerberos system includes:
Authenticator
Credential
Kerberos Authentication Server(KAS)
Kerberos Database
Session Key
Ticket
Ticket Granting Server (TGS)
Timestamp
User or Client
6. Client identity is stored in kerberos database.
7. Ticket contains user identity,a session key, a timestamp etc.
8. Every ticket will have unique session key.
9. Tickets can be reused.
10. Kerberos server maintains history of previous user requests & sessions.
i. Diffculty in user management
ii. Difficulty in authentication between client and server or between two different applications.
iii.Difficulty for user in remembering so many password/ PIN/ Tokens and user credentials.
Earlier authentication protocol like Hyper Text Transfer protocol (HTTP) was able to one way authenticate the user.It was silent about authentication of server. Chances of spoofing was always there and because of this the need for dual authentication was felt and the concept of Single sign-on came. Kerberos is one such Single Sign-on concept.As an Information Security Expert or an as an IS Auditor one should know the following important points about kerberos.
1. Kerberos is a Single Sign-on tool which is used to protect networks and related resources.
2. Kerberos work in Open Network Environment (ONE) which is sometimes also known as Distributed Computing Environment(DCE) and manages authentication in diverse environment.
3.In kerberos both client and server are authenticated.
4.Purpose of kerberos is to avoid spoofed attacks
5.Important components/ parts of kerberos system includes:
Authenticator
Credential
Kerberos Authentication Server(KAS)
Kerberos Database
Session Key
Ticket
Ticket Granting Server (TGS)
Timestamp
User or Client
6. Client identity is stored in kerberos database.
7. Ticket contains user identity,a session key, a timestamp etc.
8. Every ticket will have unique session key.
9. Tickets can be reused.
10. Kerberos server maintains history of previous user requests & sessions.
This article will be followed by few questions on Single sign-on and kerberos which will further clarify your concept. These questions will be published in next few posts.
0 comments:
Post a Comment