Delve into Kerberos fundamentals, exploring network security, authentication, authorization, and auditing. Gain hands-on practice in creating principals, requesting tickets, and mitigating protocol-specific attacks.

data.tar.gz

Kerberos is an essential part of any tech stack. It helps mitigate cyber attacks by providing strong authentication for client/server applications by using secret-key cryptography.

In this course, you will cover the basics of network security including: authentication, authorization, and auditing. You will also learn the fundamental concepts of Kerberos such as Key Distribution Center (KDC), Principals, and Ticketing.

Towards the end of this course, you will explore common attacks that are specific to the protocol and how Kerberos works to triage them. Lastly, you will get some hands-on practice with Kerberos where you’ll work to create a principal and request a Ticket-Granting Ticket from an Authentication Server.

By the time you’re done, you will have picked up a new in-demand skill that will allow you to better protect your data.

Kerberos for Beginners: Intro to Network Authentication Protocol

A man-in-the-middle attack, also known as a hijack attack, is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. In the case of Kerberos, the attacker is placed between the KDC and the client and tries to spoof the client into thinking that they are the real KDC.

Mounting a man-in-the-middle attack when  Kerberos protocol is in place is slightly complicated and was first reported by [Dug Song](https://www.linkedin.com/in/dugsong/). Note that Kerberos was designed with the ability to run in an untrusted network. The two parties at each end mutually authenticate each other and the possibility of a man in the middle attack doesn't arise. However, some applications (e.g., PAM modules in Unix) rely on receiving the TGT to authenticate a user and don’t complete the other ticket exchanges in the protocol, e.g., login service authenticating a user to a machine. The user enters their password, P, and an AS_REQ message is sent to KDC. When the response, AS_REP, is received, it is decrypted using the key derived from the user’s password, P. If the decryption is successful, the user is authenticated to the machine.

However, this approach has flaws, as the following sequence demonstrates:

1. The attacker is in possession of a valid username but doesn't know the password.


This lesson explains the man in the middle attack vulnerability in Kerberos.

Theory

Practice

Quiz

Attacks: Man in the Middle