Professional Documents
Culture Documents
NHM 20
Nguyn Hng Lam Nguyn L Khi Nguyn Vit Thng 20091535 20091485 20093619
I.Tng quan
L giao thc cho php cc my c th lin lcvi
nhau trn ng truyn khng an ton m bo xc thc 2 chiu gia my ch & my khch c pht trin bi Hc vin cng ngh Massachusetts MIT ly theo tn con ch 3 u trong thn thoi Hy Lp Kerberos phin bn mi nht l Kerberos v5 Windows s dng Kerberos lm phng php mc nh cho vic xc thc.
lc Realm Mt min hot ng ring ca cc Principal (gn ging vi domain) Ticket V: 1 bn ghi gip my khch c th c xc thc hoc truy cp ti my ch KDC Trung tm phn phi kha, cung cp v cng nh kha phin tm thi. Authenticator Mt bn ghi cha thng tin chng minh va mi c to thnh s dng kha phin ch my khch & my ch bit
III.C ch hot ng
ng nhp Xc thc y quyn dch v Yu cu dch v
IV. Security
1. Kerberos Attacks 2. Vn giao thc bo mt 3. Firewalls, NAT, and Kerberos
1. Kerberos Attacks
Tha hip gc ca mt my KDC Kerberos
quan trng Tha hip gc ca mt my ch Tha hip gc ca mt my client Tha hip ca ngi dng y nhim
2. Vn giao thc bo mt
Dictionary and Brute-Force Attacks
Dictionary Attacks : s dng danh sch cc mt khu thng
c s dng th v tn cng Brute-Force Attacks: th tt c cc kha cho n khi kha chnh xc c tm thy
Replay Attacks
k tn cng lng nghe cc tin nhn qua mng to mt bn sao ca tin nhn v pht li chng ln sau
Man-in-the-Middle Attacks
l cch tn cng ch ng, mo danh my ch khi k tn cng c kim sot c phin, th c th d dng
hnh ng Mt khi Kerberos thc hin s chng thc ln nhau, man in the middle b cn tr.
Kerberos and NAT cho php nhiu my tnh chia s mt a ch IP duy nht cc a ch IP client cung cp n KDC s khng trong bng nh tuyn Vic s dng cc v khng c trng a ch s lm gim i tnh bo mt
V.Nhn xt
u im:
dng c trong ng truyn khng an ton c m ha bng cc phng php kh an ton Ch phi ng nhp 1 ln Ch ng iu chnh thi gian xc thc.
Nhc im:
Ph thuc nhiu vo h thng KDC i hi s ng b v thi gian nu my tnh b ci cc phn mm n cp c th l mt khu Ch s dng c vi cc chng trnh c h tr kerberos