Delve into Kerberos fundamentals, exploring network security, authentication, authorization, and auditing. Gain hands-on practice in creating principals, requesting tickets, and mitigating protocol-specific attacks.

data.tar.gz

Kerberos is an essential part of any tech stack. It helps mitigate cyber attacks by providing strong authentication for client/server applications by using secret-key cryptography.

In this course, you will cover the basics of network security including: authentication, authorization, and auditing. You will also learn the fundamental concepts of Kerberos such as Key Distribution Center (KDC), Principals, and Ticketing.

Towards the end of this course, you will explore common attacks that are specific to the protocol and how Kerberos works to triage them. Lastly, you will get some hands-on practice with Kerberos where you’ll work to create a principal and request a Ticket-Granting Ticket from an Authentication Server.

By the time you’re done, you will have picked up a new in-demand skill that will allow you to better protect your data.

Kerberos for Beginners: Intro to Network Authentication Protocol

The Kerberos ecosystem consists of various components that come together to implement the authentication protocol in an insecure network. In this lesson, we'll examine the various parts of the puzzle before we delve into their interactions with each other. The important Kerberos components are:

- Realm
- Principal
- Key Distribution Center
- Key
- Ticket

We'll discuss each one of them in turn.


## Realm
A Kerberos realm can be thought of as a logical network or domain over which a Kerberos authentication server has the authority to authenticate a user, host, or service. A realm name is often the upper-case version of the name of the DNS domain over which it presides. The convention is to make the realm name equivalent to the DNS domain name, but this isn’t mandatory. In practice, however, nearly all Kerberos realms are named after the corresponding DNS domain. As an example, the realm for a Kerberos installation at Datajek would be **<text>DATAJEK.IO</text>**

## Principal
Every entity living within a Kerberos installation, including individual users, computers, and services running on servers, has a unique identifier associated with it called the **principal**. Each principal also has a password tied to it. You can consider the principal name analogous to the username you use for any online service, e.g., email or social media accounts. Your username identifies you uniquely for that service.

A principal has three sub-components:

- username
- instance (optional)
- realm name

Let's consider an example of a principal:

**laila/admin@DATAJEK.IO**


# Realm
A Kerberos realm can be thought of as a logical network or domain over which a Kerberos authentication server has the authority to authenticate a user, host, or service. A realm name is often the upper-case version of the name of the DNS domain over which it presides. The convention is to make the realm name equivalent to the DNS domain name, but this isn’t mandatory. In practice, however, nearly all Kerberos realms are named after the corresponding DNS domain. As an example, the realm for a Kerberos installation at Datajek would be **<text>DATAJEK.IO</text>**

# Principal
Every entity living within a Kerberos installation, including individual users, computers, and services running on servers, has a unique identifier associated with it called the **principal**. Each principal also has a password tied to it. You can consider the principal name analogous to the username you use for any online service, e.g., email or social media accounts. Your username identifies you uniquely for that service.

A principal has three sub-components:

- username
- instance (optional)
- realm name

Let's consider an example of a principal:

**laila/admin@DATAJEK.IO**


This lesson covers the various actors and entities that participate in the Kerberos protocol.

Theory

Practice

Quiz

Components

Realm

Principal