Assignment - Kerberos
Purpose of the assignment(with ULO Mapping) After completing this assignment, student's should be able to:
-Discuss common threats and attacks on networked information systems
- Identify network threats
- Explain major methodologies for secure networks and threats they address
Assignment Description
Kerberos is an authentication service developed as part of project Athena at MIT. Motivation behind Kerberos is that if a set of users is provided with dedicated personal computers that have no network connections, then a user's resources and files can beprotected by physically securing each personal computer. When these users instead are served by a centralized time-sharing system, thetime-sharing operating system must provide the security. The operating system can enforce access control policies based on user identity and use the logon procedure to identify users.
Today, neither of these scenarios is typical. More common is a distributed architecture consisting of dedicated user workstations (clients)and distributed or centralized servers. In this environment, three approaches to security can be envisioned:
- Rely on each individual client workstation to assure the identity of its user or users and rely on each server to enforce a security policy based on user identification (ID).
- Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user.
- Require the user to prove his or her identity for each service invoked. Also require that servers prove their identity to clients.
"William Stallings, Cryptography and Network Security: Principles and Practice, Sixth Edition"
In a small, closed environment, in which all systems are owned and operated by a single organization, the first or perhaps the secondstrategy may suffice.But in a more open environment, in which network connections to other machines are supported, the thirdapproach is needed to protect user information and resources housed at the server.
Prepare a report which should include the following:
1) Discuss in detail what problems was Kerberos designed to address in a network of trusted client systems.
2) Explain at least four threats associated with user authentication over a network or internet and how Kerberos can mitigate it.
3) Using any networking diagram software, draw a full-service Kerberos environment diagram with detailed description of the architecture.
4) Justify in your own words, how this diagram satisfy security objectives of confidentiality, integrity and authentication.
5) List and explain at least five major differences between version 4 and version 5 of Kerberos.
6) Briefly discuss, what type of organisations should use Kerberos and why?