Kerberos


The Internet is an insecure place. Many of the protocols used on the Internet do not provide any security. Tools to “sniff” passwords off the network are in common use by system crackers. Thus, applications that send an unencrypted password over the network are extremely vulnerable.

Worse yet, other client/server applications rely on the client program to be “honest” about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that “the bad guys” are on the outside, which is often a very bad assumption. Insiders carry out most of the really damaging incidents of computer crime. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet.

Kerberos is necessary because there are people who know how to tap the lines between computers and listen for your password. They do this with programs called "sniffers", and the only way to stop them would be to physically guard every inch of the Internet - computers, cables and all. This, of course, is impossible. As long as there are physically insecure networks in the world and at Stanford, we'll need something like Kerberos to maintain the integrity and security of our electronic communications. Kerberos was created by MIT as a solution to these network security problems.

WHAT IS KERBEROS?

Kerberos is a network authentication protocol.  It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology.  Kerberos is available in many commercial products as well.

The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server across an insecure network connection. After a client and server have used Kerberos to prove their identities, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.
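The idea of proving identity with a shared secret key, without the password ever crossing the network, can be shown with a small challenge-response sketch. This is an added example, not part of the original report and not the actual Kerberos message exchange; the `Server` class, the `client_proof` function, the user name and the passwords are all constructed for illustration.

```python
import hashlib, hmac, os

def derive_key(password: str, salt: bytes) -> bytes:
    # Secret key derived from the password; the password itself is never sent.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    """Hypothetical authentication server holding one secret key per user."""
    def __init__(self):
        self.keys = {}      # user -> (salt, key); password-equivalent, must be protected
        self.pending = {}   # user -> outstanding single-use nonce

    def register(self, user, password):
        salt = os.urandom(16)
        self.keys[user] = (salt, derive_key(password, salt))

    def challenge(self, user):
        nonce = os.urandom(16)          # fresh random challenge for every login
        self.pending[user] = nonce
        return self.keys[user][0], nonce

    def verify(self, user, proof):
        nonce = self.pending.pop(user, None)   # consume the nonce: no reuse
        if nonce is None:
            return False
        expected = hmac.new(self.keys[user][1], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, proof)   # constant-time comparison

def client_proof(password, salt, nonce):
    # The client proves knowledge of the key by MACing the server's challenge.
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo():
    server = Server()
    server.register("alice", "correct horse")          # constructed sample account
    salt, nonce = server.challenge("alice")
    proof = client_proof("correct horse", salt, nonce)
    wire = salt + nonce + proof                        # everything a sniffer captures
    results = {
        "password_on_wire": b"correct horse" in wire,
        "legit": server.verify("alice", proof),
        "replay_same_nonce": server.verify("alice", proof),
    }
    server.challenge("alice")                          # new login, new nonce
    results["replay_new_challenge"] = server.verify("alice", proof)
    salt3, nonce3 = server.challenge("alice")
    results["wrong_password"] = server.verify(
        "alice", client_proof("guess", salt3, nonce3))
    return results

if __name__ == "__main__":
    print(demo())
```

A captured proof is useless for a later login because each challenge is fresh, but a captured nonce and proof still allow offline guessing of a weak password, so password strength matters in any scheme of this kind.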

ADVANTAGES AND DISADVANTAGES

The main advantage of Kerberos is the secure transmission of electronic data over an insecure network. However, every system has its own advantages and disadvantages.

The first disadvantage of Kerberos is that, for an application to use it, the application's sources must be modified to make the appropriate calls into the Kerberos libraries. For some applications, this may require too much programming effort. For other applications, changes must be made to the protocol used between network servers and their clients. Again, this may require extensive programming. Furthermore, it may be impossible to make certain closed-source applications work with Kerberos.

The second disadvantage is that Kerberos assumes that you are using trusted hosts on an untrusted network. Its primary goal is to prevent plaintext passwords from being sent across that network. However, if anyone other than the proper user has physical access to any of the hosts, especially the one that issues tickets used for authentication, the entire Kerberos authentication system is at risk of being compromised.
