Time: 12 hours 41 minutes
Difficulty: Advanced
CEU/CPE: 15

Video Description

In this section we examine single sign-on, the pros and cons associated with it, and a standard that implements it called Kerberos. Kelly presents a wonderful "carnival" analogy for Kerberos that is very helpful in understanding its operation!

The challenge facing any large organization is how to manage user accounts securely. In peer-to-peer networking situations, it's a chore to create and disable multiple user accounts without any centralized means. A solution is to move to a client/server architecture or the implementation of a domain controller. Several standards for this are LDAP, which is used by Active Directory, Sesame, KryptoKnight, and Kerberos.

We next discuss the pros and cons of single sign-on. Pros consist of ease of use for end users, centralized control, and ease of administration. On the flip side, cons consist of a single point of failure, the necessity for standards, and, with convenience, the potential of giving away the "keys to the kingdom."

Kerberos is covered next and is a standard that has been around for a long time. It was originally developed by MIT. It uses symmetric cryptography, and its core security feature is that it never puts passwords on the network. This is vital for preventing replay attacks. Kelly then presents her carnival analogy to explain the inner workings of Kerberos. Concepts such as the realm, wrist bands, and ride tickets are presented. You should find this way of viewing things very helpful in understanding Kerberos!

Finally, concerns and weaknesses with Kerberos are discussed, and though Kerberos is not perfect, it's still a pretty good solution for single sign-on.

Up Next

ISC2 CISSP

Our free online CISSP (8 domains) training covers topics ranging from operations security, telecommunications, network and internet security, access control systems and methodology and business continuity planning.

Instructed By

Kelly Handerhan
Senior Instructor