Networks Security Question:
What is Kerberos Protocol?
Answer:
Kerberos is an authentication protocol. It is named after the dog that, according to Greek mythology, is said to stand at the gates of Hades. In computer networking terms, it is a collection of software used in large networks to authenticate and establish a user's claimed identity. It was developed by MIT and uses a combination of encryption and distributed databases so that the user can log in and start a session.
It has some disadvantages, though. As I said, Kerberos was developed by MIT under Project Athena, and it is designed to authenticate end users to servers.
Kerberos is not a peer-to-peer system, nor was it meant for one computer system's daemons to contact another computer.
There are many issues concerning Kerberos. Namely, on most computer systems there is no secure area in which to save the keys.
It is known that a key must be stored in plain-text format in order to obtain a "ticket-granting ticket", and the area where the tickets reside is obviously supposed to be a secured area.
However, this is not the case, so most of the time this is actually a potential security risk.
If the plain-text key is obtained by a hacker, the Kerberos authentication server in that specific realm can be compromised fairly easily.
The other notable issue is how Kerberos handles keys on a multi-user computer. The keys are cached and can be obtained by other users who are logged into the computer network. On a single-user workstation only the actual user has access to system resources; however, if the workstation supports multiple users, then it is possible for another user on the system to obtain the keys.
Some other weaknesses also exist in the Kerberos protocol; however, those vulnerabilities are too complicated to discuss without a deep understanding of the protocol and the way it has been implemented.
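The multi-user caching risk described above can be checked on a host. The following is an added example, not part of the original answer: it assumes MIT Kerberos's default file-based credential caches (`/tmp/krb5cc_<uid>`) and the default keytab path `/etc/krb5.keytab`, neither of which is named on this page, and the function name is hypothetical.

```python
import os
import stat
from pathlib import Path


def audit_kerberos_files(cache_dir="/tmp", keytab="/etc/krb5.keytab"):
    """Return (path, reason) findings for key material other local users could reach."""
    findings = []
    # Assumption: file-based caches named krb5cc_<uid> or krb5cc_<uid>_<suffix>.
    candidates = sorted(Path(cache_dir).glob("krb5cc_*"))
    if keytab and Path(keytab).exists():
        candidates.append(Path(keytab))

    for path in candidates:
        st = os.lstat(path)  # lstat: inspect the entry itself, do not follow links
        if stat.S_ISLNK(st.st_mode):
            findings.append((str(path), "symlink where a regular file is expected"))
            continue
        if not stat.S_ISREG(st.st_mode):
            continue  # directory-style caches are out of scope for this check

        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((str(path), f"mode {mode:04o} grants group/other access"))

        # The cache name encodes the numeric uid it belongs to; the file
        # should be owned by that same uid.
        parts = path.name.split("_")
        if parts[0] == "krb5cc" and len(parts) > 1 and parts[1].isdigit():
            if int(parts[1]) != st.st_uid:
                findings.append(
                    (str(path), f"named for uid {parts[1]} but owned by uid {st.st_uid}")
                )
    return findings


if __name__ == "__main__":
    for path, reason in audit_kerberos_files():
        print(f"{path}: {reason}")
```

A clean result only covers file permissions: root, or anyone running as the same user, can still read these files.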