Discuss the particulars of each attack scenario and how Kerberos defends against it.
1. A user gains access to a particular workstation and pretends to be another user from that workstation.
2. An attacker acts as the “man in the middle” between two computers (e.g., the client and the server). The attacker spoofs each computer so that it “thinks” it has connected to the correct computer, when in fact the attacker is intercepting all transmissions. The attacker can then monitor or change any of the data before routing it on to the intended computer.
3. An eavesdropper obtains the IP address of an authenticated workstation and reconfigures another workstation to impersonate the authenticated workstation.
In any of these cases, an unauthorized user may be able to gain access to services and data that he or she is not authorized to access. Rather than building in elaborate authentication protocols at each server, Kerberos provides a centralized authentication server whose function is to authenticate users to servers and servers to users. Kerberos relies exclusively on symmetric encryption, making no use of public-key encryption.
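As an added illustration (not part of the original question and not real Kerberos code), the following Python sketch models the checks a Kerberos-style service applies to a ticket and authenticator, so each of the three scenarios above can be tested against it. Assumptions: the AS and TGS are collapsed into one `issue_ticket` step, `seal`/`unseal` are a toy encrypt-then-MAC standing in for the symmetric cipher, and all function names, keys and addresses are hypothetical.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Toy encrypt-then-MAC, a stand-in for Kerberos' symmetric cipher (illustration only).
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered data")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def issue_ticket(user_key, service_key, user, addr, now, life=300):
    # Authentication server (AS and TGS collapsed into one step here).
    skey = os.urandom(32).hex()
    reply = seal(user_key, {"skey": skey})  # only the real user's key opens this
    ticket = seal(service_key, {"user": user, "addr": addr, "start": now, "life": life, "skey": skey})
    return reply, ticket

def make_authenticator(session_key, user, addr, now):
    return seal(session_key, {"user": user, "addr": addr, "ts": now})

def service_verify(service_key, ticket, auth, src_addr, now, seen, skew=120):
    try:
        t = unseal(service_key, ticket)
        skey = bytes.fromhex(t["skey"])
        a = unseal(skey, auth)
    except ValueError:
        return None, "rejected: not sealed with the expected key"
    if a["user"] != t["user"] or a["addr"] != t["addr"] or src_addr != t["addr"]:
        return None, "rejected: user/address mismatch"
    if not t["start"] <= now <= t["start"] + t["life"] or abs(now - a["ts"]) > skew:
        return None, "rejected: expired ticket or stale authenticator"
    if auth in seen:
        return None, "rejected: replayed authenticator"
    seen.add(auth)
    # Mutual authentication: only the real service could recover skey from the ticket.
    return seal(skey, {"ts": a["ts"] + 1}), "accepted"
```

The service returns a value sealed under the session key, which the client can check to confirm it is talking to the genuine service rather than an intermediary.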