AN NINH MNG

NHM 20
Nguyn Hng Lam Nguyn L Khi Nguyn Vit Thng 20091535 20091485 20093619

GIAO THC XC THC KERBEROS

Phn cng nhim v

GIAO THC XC THC KERBEROS

I. II. III. IV. V. Tng quan Mt s khi nim c dng trong Kerberos C ch hot ng Security Nhn xt

I.Tng quan
L giao thc cho php cc my c th lin lcvi

nhau trn ng truyn khng an ton m bo xc thc 2 chiu gia my ch & my khch c pht trin bi Hc vin cng ngh Massachusetts MIT ly theo tn con ch 3 u trong thn thoi Hy Lp Kerberos phin bn mi nht l Kerberos v5 Windows s dng Kerberos lm phng php mc nh cho vic xc thc.

II.Mt s khi nim

Principal Mt my tham gia vo qu trnh lin

lc Realm Mt min hot ng ring ca cc Principal (gn ging vi domain) Ticket V: 1 bn ghi gip my khch c th c xc thc hoc truy cp ti my ch KDC Trung tm phn phi kha, cung cp v cng nh kha phin tm thi. Authenticator Mt bn ghi cha thng tin chng minh va mi c to thnh s dng kha phin ch my khch & my ch bit

III.C ch hot ng
ng nhp Xc thc y quyn dch v Yu cu dch v

IV. Security
1. Kerberos Attacks 2. Vn giao thc bo mt 3. Firewalls, NAT, and Kerberos

1. Kerberos Attacks
Tha hip gc ca mt my KDC Kerberos

Tha hip ca mt qun tr vin Kerberos

quan trng Tha hip gc ca mt my ch Tha hip gc ca mt my client Tha hip ca ngi dng y nhim

2. Vn giao thc bo mt
Dictionary and Brute-Force Attacks
Dictionary Attacks : s dng danh sch cc mt khu thng

c s dng th v tn cng Brute-Force Attacks: th tt c cc kha cho n khi kha chnh xc c tm thy
Replay Attacks
k tn cng lng nghe cc tin nhn qua mng to mt bn sao ca tin nhn v pht li chng ln sau

Man-in-the-Middle Attacks
l cch tn cng ch ng, mo danh my ch khi k tn cng c kim sot c phin, th c th d dng

hnh ng Mt khi Kerberos thc hin s chng thc ln nhau, man in the middle b cn tr.

3. Firewalls, NAT, and Kerberos

Kerberos Network Ports
cc client bn ngoi tng la cng ty cn giao tip vi cc dch v

KDC v Kerberized bn trong tng la mt s cng phi c m trn tng la cng ty

Kerberos and NAT cho php nhiu my tnh chia s mt a ch IP duy nht cc a ch IP client cung cp n KDC s khng trong bng nh tuyn Vic s dng cc v khng c trng a ch s lm gim i tnh bo mt

V.Nhn xt
u im:
dng c trong ng truyn khng an ton c m ha bng cc phng php kh an ton Ch phi ng nhp 1 ln Ch ng iu chnh thi gian xc thc.

Nhc im:
Ph thuc nhiu vo h thng KDC i hi s ng b v thi gian nu my tnh b ci cc phn mm n cp c th l mt khu Ch s dng c vi cc chng trnh c h tr kerberos