
BAIT2023 Introduction to Internet Security
Tutorial 4
1. What problem was Kerberos designed to address?

The problem that Kerberos addresses is this:

• Assume an open distributed environment in which users at
workstations wish to access services on servers distributed
throughout the network.
• We would like for servers to be able to restrict access to
authorized users and to be able to authenticate requests for
service.
• In this environment, a workstation cannot be trusted to identify its
users correctly to network services.
2. What are the three threats associated with user
authentication over a network or Internet?

1. A user may gain access to a particular workstation and
pretend to be another user operating from that workstation.
2. A user may alter the network address of a workstation so
that the requests sent from the altered workstation appear to
come from the impersonated workstation.
3. A user may eavesdrop on exchanges and use a replay attack
to gain entrance to a server or to disrupt operations.
3. What entities constitute a full-service Kerberos
environment?

A full-service Kerberos environment consists of:

• a Kerberos server
• a number of clients
• a number of application servers.
4. In the context of Kerberos, what is a realm?

A realm is an environment in which:

1. The Kerberos server must have the user ID (UID) and
hashed password of all participating users in its database.
All users are registered with the Kerberos server.
2. The Kerberos server must share a secret key with each
server. All servers are registered with the Kerberos server.
5. What is the purpose of the X.509 standard?

• X.509 defines a framework for the provision of
authentication services by the X.500 directory to its users.
• The directory may serve as a repository of public-key
certificates. Each certificate contains the public key of a user
and is signed with the private key of a trusted certification
authority.
• In addition, X.509 defines alternative authentication
protocols based on the use of public-key certificates.
6. Give reasons why an X.509 certificate is revoked.

• The user's private key is assumed to be compromised.
• The user is no longer certified by this CA.
• The CA's certificate is assumed to be compromised.
7. What is Kerberos? State THREE (3) problems which would be encountered in Kerberos version 4.

• Kerberos provides a centralized authentication server to
authenticate users to servers and servers to users.
• Three problems:
• Lifetime associated with the ticket-granting ticket.
• If the lifetime is too short, the user is repeatedly asked for a password.
• If the lifetime is too long, there is a greater opportunity for replay.
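The ticket-granting-ticket lifetime trade-off above, as an added toy model that is not part of the tutorial: the TGT is an HMAC-tagged record rather than a real Kerberos encrypted ticket (an assumption for brevity), the KDC key is a constructed sample value, and the replay cache of seen authenticator timestamps is the mitigation whose absence makes a long-lived ticket replayable.

```python
import hmac, hashlib, json

KDC_KEY = b"constructed-kdc-secret"  # constructed: key shared by AS and TGS

def issue_tgt(uid, issued_at, lifetime):
    """Authentication server issues a TGT valid for `lifetime` seconds."""
    body = {"uid": uid, "issued": issued_at, "lifetime": lifetime}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(KDC_KEY, raw, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class TGS:
    """Ticket-granting server with an optional cache of seen authenticators."""
    def __init__(self, replay_cache=True):
        self.replay_cache = replay_cache
        self.seen = set()  # (uid, authenticator timestamp) pairs already used

    def request_service_ticket(self, tgt, auth_ts, now):
        # Verify the TGT really came from the KDC (stands in for decryption).
        raw = json.dumps(tgt["body"], sort_keys=True).encode()
        expect = hmac.new(KDC_KEY, raw, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tgt["tag"]):
            return "rejected: forged ticket"
        b = tgt["body"]
        # Too-short lifetime: the user is sent back to the AS for a password.
        if now > b["issued"] + b["lifetime"]:
            return "rejected: expired, password needed again"
        # Too-long lifetime: a captured request stays valid; only the replay
        # cache of authenticator timestamps catches its reuse.
        if self.replay_cache:
            if (b["uid"], auth_ts) in self.seen:
                return "rejected: replayed authenticator"
            self.seen.add((b["uid"], auth_ts))
        return "granted for " + b["uid"]

def simulate(lifetime, replay_cache=True):
    """Outcomes for one TGT issued at t=0: fresh use at t=10, replay of
    that same captured request at t=300, and a fresh use at t=600."""
    tgs = TGS(replay_cache)
    tgt = issue_tgt("alice", 0, lifetime)
    return [tgs.request_service_ticket(tgt, 10, 10),
            tgs.request_service_ticket(tgt, 10, 300),
            tgs.request_service_ticket(tgt, 600, 600)]
```

With a 120-second lifetime the user is re-prompted by t=300; with a 3600-second lifetime the replayed request is only stopped when the replay cache is enabled.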
8. Explain the term Certificate Authority (CA).

• It is a trusted third party that certifies that the public key a user
claims is genuinely that user's. Examples: VeriSign, GTE, US Postal
Service.
9. Kerberos is an authentication service designed for use in a
distributed environment. With the aid of a diagram, describe how
Kerberos operates.
