18 Chapter 1 • General Security Concepts: Access Control, Authentication, and Auditing
network (LAN) or at the connection at the e-mail server. As indicated,
unless you have taken steps to secure this traffic, these passwords are
not protected during this process.
Kerberos
Kerberos (currently Kerberos v5-1.6.1) is used as the preferred network authentication protocol in many medium and large environments to authenticate users and services requesting access to resources. Kerberos is a network protocol designed to centralize the authentication information for the user or service requesting the resource. This allows the host of the resource being accessed to authenticate the entity requesting access (user, machine, service, or process) through the use of secure and encrypted keys and tickets (authentication tokens) issued by the authenticating Key Distribution Center (KDC). It allows for cross-platform authentication, and is available in many implementations of various NOSes. Kerberos is very useful in the distributed computing environments currently used, because it centralizes the processing of credentials for authentication. Kerberos utilizes time stamping of its tickets to help ensure they are not compromised by other entities, and an overall structure of control that is called a realm. Some platforms use the defined terminology, while others such as Windows 2003 use their domain structure to implement the Kerberos concepts.
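As an added illustration (not from the book), the following Python sketch models the checks described above: the KDC seals a ticket under the service's long-term key together with a timestamp and lifetime, and the resource host verifies the seal, the realm, the validity window and the request timestamp, refusing replays within the allowed clock skew. An HMAC stands in for the ticket encryption, and the realm name, principal names and key are constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed toy realm: long-term keys the KDC shares with each service principal.
REALM = "EXAMPLE.COM"
SERVICE_KEYS = {"host/fileserver": b"constructed-service-long-term-key"}
MAX_SKEW = 300          # seconds; the usual Kerberos tolerance for clock drift
TICKET_LIFETIME = 8 * 3600

def seal(key, fields):
    """Seal ticket fields under a key (HMAC stands in for Kerberos' encryption)."""
    body = json.dumps(fields, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def unseal(key, sealed):
    """Return the ticket fields, or None if the tag does not verify under `key`."""
    tag = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, sealed["tag"]):
        return None
    return json.loads(sealed["body"])

def kdc_issue_ticket(client, service, now):
    """KDC: bind client, realm and a validity window into a ticket only `service` can open."""
    fields = {"client": client, "realm": REALM, "service": service,
              "authtime": now, "endtime": now + TICKET_LIFETIME}
    return seal(SERVICE_KEYS[service], fields)

class Service:
    """Resource host: checks the ticket's seal, realm, lifetime and the request timestamp."""
    def __init__(self, name):
        self.name, self.key, self.replay_cache = name, SERVICE_KEYS[name], set()

    def accept(self, ticket, request_time, now):
        t = unseal(self.key, ticket)
        if t is None or t["service"] != self.name:
            return "bad-ticket"          # forged, tampered, or meant for another service
        if t["realm"] != REALM:
            return "wrong-realm"
        if now > t["endtime"]:
            return "expired"             # ticket lifetime has run out
        if abs(now - request_time) > MAX_SKEW:
            return "clock-skew"          # stale or pre-dated request timestamp
        if (t["client"], request_time) in self.replay_cache:
            return "replay"              # same client + timestamp seen before
        self.replay_cache.add((t["client"], request_time))
        return "ok"
```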
Kerberos is described in RFC 1510, which is available on the Web at www.ietf.org/rfc/rfc1510.txt?number=1510. Kerberos was developed and is owned by the Massachusetts Institute of Technology (MIT); information about the most current and previous releases of Kerberos is available on the Web at http://web.mit.edu/Kerberos.
Let’s look at how the Kerberos process works, and how it helps secure authentication activities in a network. First, let’s look at Figure 1.4, which shows the default components of a Kerberos v5 realm.
www.syngress.com