What are the key benefits of Kerberos how is it managed in Windows 2000 system?

The Kerberos protocol is more flexible and efficient than NTLM, and more secure. The benefits gained by using Kerberos authentication are: More efficient authentication to servers. With NTLM authentication, an application server must connect to a domain controller in order to authenticate each client.

Why Kerberos is secure?

What makes Kerberos so special? Kerberos uses secret-key cryptography to provide secure communication over non-secure channels. Essentially, Kerberos is a trusted 3rd party server that issues tickets for users so they can authenticate to systems and services.

What are the Kerberos limitations?

Biggest lose: assumption of secure time system, and resolution of synchronization required. Could be fixed by challenge-response protocol during auth handshake. Password guessing: no authentication is required to request a ticket, hence attacker can gather equivalent of /etc/passwd by requesting many tickets.

Are there any known weaknesses in Kerberos?

The Kerberos protocol is not as resistant to penetration as it should be. A number of weaknesses are apparent; the most serious is its use of an authen- ticator to prevent replay attacks. The authenticator relies on use of a timestamp to guard against reuse. This is problematic for several reasons.

How does Kerberos prevent against capture and replay and man in the middle attacks?

Kerberos version 5 requires all systems to be synchronized and within five minutes of each other. The clock that provides the time synchronization is used to timestamp tickets, ensuring they expire correctly. This helps prevent replay attacks.

What uses Kerberos?

Perhaps the most widely know products which use Kerberos, are Microsoft Windows and Microsoft Active Directory. In a Microsoft network/domain, users authenticate using the Kerberos protocol when they logon to their Windows workstation.

Is Kerberos the most secure?

Improved Security Cryptography, multiple secret keys, and third-party authorization make Kerberos one of the industry’s most secure verification protocols. User passwords are never sent across the network. Secret keys pass the system in encrypted form.

What problems does Kerberos solve?

In summary, Kerberos is a solution to your network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise.

What problems were Kerberos designed to address?

What problem was Kerberos designed to address? network or Internet? – A user may gain access to a particular workstation and pretend to be another user operating from that workstation. – Require that client systems authenticate themselves to servers, but trust the client system concerning the identity of its user.