Kerberos was designed to address authentication in an open distributed network environment. It allows servers to restrict access to authorized users and authenticate service requests, as workstations cannot be fully trusted to correctly identify users. The three main threats Kerberos addresses are impersonation on a workstation, address alteration to impersonate another, and replay attacks by eavesdropping. A full Kerberos environment consists of a Kerberos server, clients, and application servers. A realm is an environment where the Kerberos server has registered user IDs/passwords and server secret keys.
Internet Security Tutorial 4

1. What problem was Kerberos designed to address?

The problem that Kerberos addresses is this:
• Assume an open distributed environment in which users at workstations wish to access services on servers distributed throughout the network.
• We would like for servers to be able to restrict access to authorized users and to be able to authenticate requests for service.
• In this environment, a workstation cannot be trusted to identify its users correctly to network services.

2. What are the three threats associated with user authentication over a network or Internet?
   1. A user may gain access to a particular workstation and pretend to be another user operating from that workstation.
   2. A user may alter the network address of a workstation so that the requests sent from the altered workstation appear to come from the impersonated workstation.
   3. A user may eavesdrop on exchanges and use a replay attack to gain entrance to a server or to disrupt operations.

3. What entities constitute a full-service Kerberos environment?
A full-service Kerberos environment consists of:
• a Kerberos server
• a number of clients
• a number of application servers.

4. In the context of Kerberos, what is a realm?
A realm is an environment in which:
   1. The Kerberos server must have the user ID (UID) and hashed password of all participating users in its database. All users are registered with the Kerberos server.
   2. The Kerberos server must share a secret key with each server. All servers are registered with the Kerberos server.

5. What is the purpose of the X.509 standard?
• X.509 defines a framework for the provision of authentication services by the X.500 directory to its users.
• The directory may serve as a repository of public-key certificates. Each certificate contains the public key of a user and is signed with the private key of a trusted certification authority.
• In addition, X.509 defines alternative authentication protocols based on the use of public-key certificates.

6. Give reasons why an X.509 certificate is revoked.
• The user's private key is assumed to be compromised.
• The user is no longer certified by this CA.
• The CA's certificate is assumed to be compromised.

7. What is Kerberos? State THREE (3) problems which would be encountered in Kerberos version 4.
• Kerberos provides a centralized authentication server to authenticate users to servers and servers to users.
• Three problems:
   • Lifetime associated with the ticket-granting ticket.
   • If the time is too short: repeatedly asking for the password.
   • If the time is too long: greater opportunity for replay.

8. Explain the term Certificate Authority (CA).
• It is a trusted third party that proves that the public key claimed by a user is truly that user's. Examples: VeriSign, GTE, U.S. Postal Service.

9. Kerberos is an authentication service designed for use in a distributed environment. With the aid of a diagram, describe how the Kerberos operates.
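
The ticket-lifetime trade-off from question 7, checked by a server that shares a secret key with the Kerberos server as in question 4, as an added example that is not part of the original tutorial. All function names, the key and the addresses are constructed for illustration, and an HMAC tag stands in for the encryption that real Kerberos applies to a ticket.

```python
import hashlib, hmac, json, math

# Constructed sample key (assumption): the secret the Kerberos server
# shares with one application server in the realm.
SERVER_KEY = hashlib.sha256(b"constructed key shared by KDC and server").digest()

def issue_ticket(key, client, addr, issued, lifetime):
    """Kerberos server side: bind client ID, address, issue time, lifetime."""
    body = json.dumps({"client": client, "addr": addr, "issued": issued,
                       "lifetime": lifetime}, sort_keys=True).encode()
    # Stand-in: real Kerberos encrypts the ticket under the server's key;
    # the HMAC tag here only makes the ticket tamper-evident.
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag

def check_ticket(key, ticket, from_addr, now):
    """Application server side: return 'ok' or the reason for refusal."""
    body, tag = ticket
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return "forged"
    fields = json.loads(body)
    if fields["addr"] != from_addr:
        return "wrong address"
    if not fields["issued"] <= now <= fields["issued"] + fields["lifetime"]:
        return "expired"
    return "ok"

def password_prompts(session_seconds, lifetime):
    """Times the user must re-enter the password during one session."""
    return math.ceil(session_seconds / lifetime)

def replay_window(ticket, captured_at):
    """Seconds for which a ticket captured at `captured_at` is still valid."""
    fields = json.loads(ticket[0])
    return max(0, fields["issued"] + fields["lifetime"] - captured_at)

if __name__ == "__main__":
    workday = 8 * 3600
    for lifetime in (300, workday):  # 5 minutes versus 8 hours
        t = issue_ticket(SERVER_KEY, "alice", "10.0.0.5", 0, lifetime)
        print(f"lifetime={lifetime}s",
              f"prompts={password_prompts(workday, lifetime)}",
              f"replay_window={replay_window(t, 60)}s",
              f"check_at_600s={check_ticket(SERVER_KEY, t, '10.0.0.5', 600)}")
```

The short lifetime shrinks the window in which a captured ticket still validates but multiplies password prompts; the long lifetime does the reverse.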