

Question

Choose one of the following questions. Your answers should be complete and at least one page in length.

A. Kerberos is one of the more secure authentication techniques being used today. Research how Kerberos functions, where it is being used, and what its strengths and weaknesses are.

B. How do you patch a Linux server? Using the Internet, research ways that Linux computers are patched. Explain how these procedures differ from patching Windows. For example, explain whether patching in Linux is easier or harder than patching in Windows. Which way do you prefer?

Explanation / Answer

Kerberos functions:

It follows this five-step process:

Kerberos has a number of limitations.

Where is it being used?

The best way to think about Kerberos is as a suite of security services. An individual or program that wants to use Kerberos services must make explicit calls in order to obtain those services. A typical scenario is a user sitting at a workstation who wants to use an application that requires the user to first authenticate himself or herself to the application using Kerberos before the application will respond. First, the user runs a Kerberos utility on the workstation called kinit.

What are its strengths and weaknesses?

Strengths:

Secure Channels:

A secure channel provides integrity and confidentiality services to communicating principals. Kerberos offers these services.

Integrity

An integrity service allows principals to determine if the message stream between them has been modified in an unauthorized manner. The Kerberos safe message includes a checksum that is used as an integrity check. Each principal in the Kerberos safe message exchange separately derives this checksum from the message using one of several available algorithms. The algorithms include a one-way message digest hash that has cryptographic strength. The nature of such a checksum is that it cannot be adjusted to conceal a change to the message.

Confidentiality

A confidentiality service is designed to counter passive wire-tapping by restricting the availability of message traffic to an authorized set of principals. The traffic itself and both source and destination addresses of the traffic are of interest. Obviously, the traffic itself can contain confidential information. In particular, Kerberos is specifically designed to minimize the transmission of passwords over the network and encrypt passwords under those few conditions when they are transmitted over the network. Kerberos also provides encryption of an application’s message data if the application desires it.

Authentication

An authentication service permits one principal to determine that the identity of another principal is genuine as represented. It is often important for both sides of an exchange to mutually authenticate. Kerberos currently uses a trusted third party (the Kerberos authentication server) to mediate the exchange of shared secrets between principals in order to authenticate principals to one another.

Access Control

An access control service protects information from disclosure or modification in an unauthorized manner by controlling which principals are granted access. Kerberos does not directly offer this service, although the protocol provides for the inclusion and protection of access control information in messages for use by applications and operating systems.

Nonrepudiation

Nonrepudiation services offer proof to the sender that information was delivered and proof to the recipient as to the origin of the information. Typically, such proof is used by an arbitrator to settle a repudiation-based dispute. For instance, in the case of E-mail between two people or electronic funds transfer between two business entities, a court of law would be the arbitrator that adjudicates repudiation-based disputes that arise. Kerberos offers the basic authentication and integrity services from which a nonrepudiation service could be built. Kerberos does not offer the arbitration services that are required for the complete implementation of such a service.

Availability

Availability services provide an expected level of performance and availability such as error-free bandwidth. Perhaps the best example of an availability problem is a denial of service attack. Consider someone simply disconnecting the cable that connects a network segment to its router. Kerberos does not offer any services to deal with this set of problems.

Weaknesses:
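The integrity check described under "Integrity" above, as an added example that is not part of the original answer: both principals derive a keyed checksum from the message, and the receiver rejects any message whose checksum it cannot reproduce. The message layout, function names and sample data are assumptions made for illustration; real Kerberos encodes the safe message in ASN.1 and derives the checksum key from the session key instead of using the session key directly.

```python
import hashlib
import hmac
import os

CHECKSUM_LEN = 12  # HMAC-SHA1 truncated to 96 bits


def keyed_checksum(session_key: bytes, data: bytes) -> bytes:
    """One-way checksum that can only be derived by holders of the session key."""
    return hmac.new(session_key, data, hashlib.sha1).digest()[:CHECKSUM_LEN]


def make_safe_message(session_key: bytes, data: bytes) -> bytes:
    """Sender side: application data followed by its checksum (simplified layout)."""
    return data + keyed_checksum(session_key, data)


def verify_safe_message(session_key: bytes, message: bytes):
    """Receiver side: derive the checksum independently and compare.

    Returns the data when the checksum matches, None otherwise.
    """
    if len(message) < CHECKSUM_LEN:
        return None  # too short to carry a checksum at all
    data, received = message[:-CHECKSUM_LEN], message[-CHECKSUM_LEN:]
    expected = keyed_checksum(session_key, data)
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, received):
        return None
    return data


def demo() -> dict:
    session_key = os.urandom(16)  # constructed; shared by both principals
    msg = make_safe_message(session_key, b"pay 100 to alice")
    # Data changed in transit, checksum left as it was.
    tampered = msg.replace(b"100", b"900")
    # Data changed and checksum recomputed by someone without the session key.
    forged = make_safe_message(os.urandom(16), b"pay 900 to alice")
    return {
        "genuine": verify_safe_message(session_key, msg),
        "tampered": verify_safe_message(session_key, tampered),
        "forged": verify_safe_message(session_key, forged),
        "truncated": verify_safe_message(session_key, msg[:5]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result!r}")
```

Only the genuine message is accepted; the modified, re-checksummed and truncated messages all return `None` because the receiver's independently derived checksum does not match.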