tailieunhanh - Lecture Network security: Chapter 25 - Dr. Munam Ali Shah

This chapter we will continue our discussion on authentication applications and more precisely we will talk about kerberos in detail. kerberos versions, threats and vulnerabilities will also be discussed. | Network Security Lecture 25 Presented by: Dr. Munam Ali Shah Part – 2 (e): Incorporating security in other parts of the network Summary of the Previous Lecture In previous lecture we explored talked about Needham-Schroeder Protocol and will see how does it work Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) were discussed We briefly talked about authentication applications And studied Kerberos (which is an authentication service) Outlines of today’s lecture We will continue our discussion on Authentication Applications and more precisely we will talk about Kerberos in detail Kerberos versions, threats and vulnerabilities will also be discussed Objectives You would be able to present an understanding Authentication Application. You would be able demonstrate knowledge about Kerberos and how it could be deployed in the network to achieve secuirty Authentication Applications Kerberos 6 Kerberos Authentication service developed at MIT Uses trusted key server | Network Security Lecture 25 Presented by: Dr. Munam Ali Shah Part – 2 (e): Incorporating security in other parts of the network Summary of the Previous Lecture In previous lecture we explored talked about Needham-Schroeder Protocol and will see how does it work Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) were discussed We briefly talked about authentication applications And studied Kerberos (which is an authentication service) Outlines of today’s lecture We will continue our discussion on Authentication Applications and more precisely we will talk about Kerberos in detail Kerberos versions, threats and vulnerabilities will also be discussed Objectives You would be able to present an understanding Authentication Application. You would be able demonstrate knowledge about Kerberos and how it could be deployed in the network to achieve secuirty Authentication Applications Kerberos 6 Kerberos Authentication service developed at MIT Uses trusted key server system Provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server two versions in use: 4 & 5 Threat in distributed environment A user gain access to a workstation and pretend to be another user from that workstation alter the network addr. of workstation, so that request sent will be appear from impersonate system may evasdrop on exchanges and use the replay attack to gain entrance to the server or to disrupt the operations Authentication at each server ?? Kerberos is used to authenticate user to servers and servers to users Three approaches for security Rely on client workstation to ensure the identity of its users and rely on each server to enforce a security policy based on user id. Require the client system to authentication themselves to servers, but trust the client system concerning the id of users. .