blob: 72c522b6a7fe1e95223b352f82b483930abeaf08 (
plain)
Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by using
secret-key cryptography. A free implementation of this protocol is
available from the Massachusetts Institute of Technology. Kerberos is
available in many commercial products as well.
The Internet is an insecure place. Many of the protocols used in the
Internet do not provide any security. Tools to "sniff" passwords off
of the network are in common use by malicious hackers. Thus,
applications which send an unencrypted password over the network are
extremely vulnerable. Worse yet, other client/server applications rely
on the client program to be "honest" about the identity of the user
who is using it. Other applications rely on the client to restrict its
activities to those which it is allowed to do, with no other
enforcement by the server.
Some sites attempt to use firewalls to solve their network security
problems. Unfortunately, firewalls assume that "the bad guys" are on
the outside, which is often a very bad assumption. Most of the really
damaging incidents of computer crime are carried out by insiders.
Firewalls also have a significant disadvantage in that they restrict
how your users can use the Internet. (After all, firewalls are simply
a less extreme example of the dictum that there is nothing more secure
then a computer which is not connected to the network --- and powered
off!) In many places, these restrictions are simply unrealistic and
unacceptable.
Kerberos was created by MIT as a solution to these network security
problems. The Kerberos protocol uses strong cryptography so that a
client can prove its identity to a server (and vice versa) across an
insecure network connection. After a client and server has used
Kerberos to prove their identity, they can also encrypt all of their
communications to assure privacy and data integrity as they go about
their business.
Kerberos is freely available from MIT, under copyright permissions
very similar those used for the BSD operating system and the X Window
System. MIT provides Kerberos in source form so that anyone who wishes
to use it may look over the code for themselves and assure themselves
that the code is trustworthy. In addition, for those who prefer to
rely on a professionally supported product, Kerberos is available as a
product from many different vendors.
In summary, Kerberos is a solution to your network security problems.
It provides the tools of authentication and strong cryptography over
the network to help you secure your information systems across your
entire enterprise. We hope you find Kerberos as useful as it has been
to us. At MIT, Kerberos has been invaluable to our
Information/Technology architecture.
Additional information is available from the MIT Kerberos website:
http://web.mit.edu/kerberos/
|
