4.2 Understand Kerberos Authentication and Domain Security

Explain Kerberos Authentication and Domain Security

Kerberos Authentication

  • Kerberos is a computer network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
  • The protocol was named after the character Kerberos (or Cerberus) from Greek mythology, the ferocious three-headed guard dog of Hades.
  • Its designers aimed it primarily at a client–server model, and it provides mutual authentication: both the user and the server verify each other's identity.
  • Kerberos protocol messages are protected against eavesdropping and replay attacks.
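
How the mutual authentication and replay protection listed above work at the final client-to-service step, as an added example that is not part of the original notes. Assumptions: HMAC-SHA256 stands in for Kerberos encryption under the session key, the service has already recovered that session key from the ticket, and all names (Service, make_authenticator, MAX_SKEW) and sample values are illustrative.

```python
import hashlib
import hmac
import os

MAX_SKEW = 300  # seconds; the customary 5-minute Kerberos clock-skew window

def mac(key, label, *fields):
    # Assumption: HMAC replaces "encrypt under the session key"; fields are length-prefixed.
    body = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, label + body, hashlib.sha256).digest()

def make_authenticator(session_key, client, ts):
    # Client side: prove knowledge of the session key at time ts.
    proof = mac(session_key, b"AP-REQ", client.encode(), str(ts).encode())
    return {"client": client, "ts": ts, "proof": proof}

class Service:
    def __init__(self, session_key):
        self.session_key = session_key  # assumed already extracted from the ticket
        self.replay_cache = set()       # a real cache expires entries after MAX_SKEW

    def accept(self, auth, now):
        expected = mac(self.session_key, b"AP-REQ",
                       auth["client"].encode(), str(auth["ts"]).encode())
        if not hmac.compare_digest(expected, auth["proof"]):
            raise ValueError("bad proof: sender does not hold the session key")
        if abs(now - auth["ts"]) > MAX_SKEW:
            raise ValueError("stale authenticator: outside the clock-skew window")
        seen = (auth["client"], auth["ts"])
        if seen in self.replay_cache:
            raise ValueError("replay: authenticator already used")
        self.replay_cache.add(seen)
        # Mutual authentication: return the client's timestamp under the session key.
        return mac(self.session_key, b"AP-REP", str(auth["ts"]).encode())

def server_reply_is_valid(session_key, ts, reply):
    return hmac.compare_digest(mac(session_key, b"AP-REP", str(ts).encode()), reply)

def demo():
    key, who, t0 = os.urandom(32), "alice@EXAMPLE.COM", 1_700_000_000  # constructed
    svc = Service(key)
    auth = make_authenticator(key, who, t0)
    out = {"mutual": server_reply_is_valid(key, t0, svc.accept(auth, now=t0 + 10))}
    for name, a in [("replay", auth), ("stale", make_authenticator(key, who, t0 - 1000))]:
        try:
            svc.accept(a, now=t0 + 20)
            out[name] = "accepted"
        except ValueError as err:
            out[name] = str(err).split(":")[0]
    return out
```

Calling demo() shows the first authenticator accepted with a reply the client can verify, the same authenticator rejected when presented again, and an old one rejected for falling outside the skew window.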

Domain Security

Explain Trust Relationships between domains.

Explain IP Security

Summary: Kerberos is a powerful authentication protocol that is transparent to the user except when entering the initial password or smart card. The Kerberos protocol provides authentication and strong cryptography to secure information systems across an entire network or enterprise. The protocol is a highly effective solution to network security problems.

  • A domain security policy is a security policy that is applied specifically to a given domain or set of computers or drives in a given system.
  • System administrators use a domain security policy to set security protocols for part of a network, including password protocols, access levels and much more.
  • A trust relationship is an administration and communication link between two domains.
  • A trust relationship between two domains enables user accounts and global groups to be used in a domain other than the domain where the accounts are defined.
  • When there are trust relationships between domains, the authentication mechanism for each domain trusts the authentication mechanism for all other trusted domains.
  • If a user or application is authenticated by one domain, its authentication is accepted by all other domains that trust the authenticating domain.
  • Internet Protocol Security (IPsec) is a set of protocols that provides security for the Internet Protocol (IP).
  • It can use cryptography to provide security.
  • IPsec can be used to set up virtual private networks (VPNs) in a secure manner.
  • IPsec is a framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPsec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection. Because IPsec is integrated at the Internet layer (Layer 3), it provides security for almost all protocols in the TCP/IP suite, and because IPsec is applied transparently to applications, there is no need to configure separate security for each application that uses TCP/IP.