July 28, 2022

Kerberos Akatsanangura

mugove0
Tweet0
mugove0
mugove0
Tweet0
mugove0

Cybercrime ichokwadi chisingafadzi mazuva ano; hapana kambani kana sangano rakachengeteka, zvisinei nekutaura nezve zvakavanzika kana bhizinesi rakakura. Dambudziko harisi nani mazuva ano kunze kwekunge takwanisa kushandisa protocol yedu ine inoshanda network mhinduro.

Nyanzvi dzakafanotaura kuti cybercrime ichakuvadza mutengo wenyika nemadhora makumi maviri neshanu emadhora panopera gore ra25; zvinoshamisa, handizvo here?

Imwe fungidziro yakaitwa neForbes inotaura kuti kugara uchishandiswa kwenharembozha kuri kuwedzera huwandu hwehutsotsi hwepamhepo, uye hapana chekumisa. Nekuda kweizvozvo, nyika yedhijitari iri kupinda mukati kuti iwane nzira nyowani dzekusimbisa cyber kuchengetedza. Aya mafungidziro akawanda zvekuti hausati wagadzirira kuteerera kana kuita mundangariro dzako.

Nhasi, tiri kutsvaga Kerberos authentication network protocol. Ngatidzoserei machira tizive Chii chinonzi Kerberos?

Chii chinonzi Kerberos? 

Indaneti inzvimbo isina kuchengeteka. Mamwe masisitimu anoshandisa firewall kudzivirira kupinda kusingatenderwe kumakombuta. Asi firewall inofunga kuti vanhu vakaipa vari kunze, uye iro idambudziko. Kuwanda kwekuedza kwakashata kunoitwa kubva mukati.

Uchishandisa cryptography yakasimba, Kerberos iprotocol yekusimbisa zvikumbiro zvesevhisi yetiweki pakati pevanovimba nevatambi pane network isina kuvimbika. Inoshandisa kuchengetedza kiyi cryptography uye yechitatu bato yakavimbika yekumisikidza mutengi-server maapplication uye nekuona kuzivikanwa kwevashandisi.

Kerberos iprotocol yechokwadi yakavakirwa panzira yekutenga tikiti umo mutengi anozvisimbisa kuAuthentication Server (AS) uye anogamuchira tikiti (matanho akasiyana-siyana anosanganisirwa pakati pekutaurirana neKiyi Yekugovera Center) iyo yaanogona kushandisa zvakare nemanodhi ese achishandisa zvakafanana. KDC. Saka, mune yemukati network, unogona kuwana node nekuzvisimbisa iwe kune AS uye wozoshandisazve tikiti kuwana mamwe ma node.

Kerberos protocol inonyanya kushandiswa kupi? 

Kerberos inoshandiswa zvakanyanya pamasisitimu akachengeteka anoda kuongororwa kwakavimbika uye maficha echokwadi. Inoshandiswa muPosix yekusimbisa, imwe nzira yekusimbisa sisitimu ye ssh, POP, uye SMTP, mu Active Directory, NFS, Samba, uye akati wandei mamwe mapurojekiti akafanana. Inogona kugara ichishandiswa seyekudonhedza-in system kune chero chinonzwisisa POSIX kuvimbiswa, iyo yakati wandei.

Iyo yekutanga OpenAuth purojekiti yakashandisa yakafanana system, ine tokeni inotsiva iyo pfungwa yetikiti kubva pamaonero emutengi. Ziva zvishoma mamwe mashandisirwo akashandisa Kerberos dhizaini yechokwadi uye ongororo yewebhu sevhisi kutaurirana maseru mumafu masisitimu.

Iyo yakanaka sisitimu, kunyangwe nekuda kwePOSIX, iwe unozokwanisa kuwana mvumo zvishoma, asi senge zvinhu zvakawanda, unogona "kukungurutsa yako," uye iyo yese application inoremekedza sezvaunoda iwe. . Zvinobatsirawo kuti mvumo inofanira kuitwa nguva dzose, nepo kutendeseka kuchiitika chete nekubatanidza kutsva kana tikiti rapfuura rapera kana mushure mekurasikirwa kwekubatanidza kana kupera.

Ndeapi mabhenefiti eKerberos authentication? 

Kerberos inounza toni yemabhenefiti kune chero cybersecurity setup. Mabhenefiti makuru ndeaya:

  • Kubudirira kwekutonga kwekuwana: Kerberos inopa vashandisi poindi imwe chete yekuchengeta chengetedzo uye nekuisa mutemo mutemo.
  • Kuchengetedzwa kwehupenyu hwese matikiti akakosha: Tiketi rega rega reKerberos rine chitambi chenguva, data rehupenyu hwese, uye ratidziro yenguva inodzorwa nemutungamiriri.
  • On-point authentication: Mamwe masevhisi masisitimu uye vashandisi vanogona kutendesa uye kushandisa mumwe nemumwe kuburikidza nekuwirirana kwechokwadi.
  • Reusable authentication: ani nani anoshandisa Kerberos chokwadi anogona kushandisa zvakare uye akasimba, zvinoda kuti mushandisi wega wega aonekwe nehurongwa kamwe chete. Nekuda kwekushandisa tikiti, mushandisi haafanire kuchengetedza ruzivo rwavo nekuda kwezvinangwa zvehuchokwadi.
  • Matanho akasimba uye akasiyana ekuchengetedza: Kerberos ine chengetedzo yechokwadi chekuchengetedza kushandisa cryptography, akati wandei makiyi akavanzika, uye yechitatu-bato mvumo, kugadzira yakavimbika uye yakachengeteka kudzivirira. Chinhu chimwe pamusoro peKerberos ndechekuti mapassword haatumire pamusoro pemanetiweki, nepo makiyi epachivande akavharirwa.

Chii chinonzi Kerberos protocol flow overview? 

Heino imwe yakatsanangurwa vhezheni yeiyo Kerberos authentication ndeye nezve. Zvakare, ziva mashandiro ainoita nekuiputsa kuita nhanho dzakasiyana uye yayo yakakosha zvikamu.

Heano masangano makuru akanyura mukuyerera kweKerberos protocol.

  • munhu anoda kubetserwa: Mutengi anoita muzita remushandisi ruzivo uye anoshanda sekutaurirana kune chikumbiro chesevhisi.
  • Server: Sevha inobata mushandisi anoda kuiwana.
  • Sevha yechokwadi (AS): Iyo AS inoita inodiwa yechokwadi yevatengi. Kana huchokwadi hwakatangwa zvinobudirira, mutengi anogamuchira tikiti rinonzi TGT (tiketi rekupa tikiti), chisimbiso chekuti mamwe maseva evatengi akatendeseka.
  • Key Distribution Center (KDC): Mumhepo yeKerberos, huchokwadi hunopatsanurwa zvine mutsindo kuita zvikamu zvitatu zvakasiyana
  • Dhatabhesi 
  • Sevha yechokwadi (AS)
  • Tikiti rekupa tikiti (TGT)

Izvi zvikamu zvitatu zvinomhanya, tendeuka uye zviripo mune imwechete sevha inonzi Key Distribution Center (KDC).

Iyo protocol inoyerera ine nhanho dzinotevera: 

Step 1: Pakutanga, chikumbiro chechokwadi chemutengi chinoenda. Mushandisi anokumbira TGT kubva kune yechokwadi server (AS), iyo inosanganisira iyo mutengi ID yehumbowo.

Step 2: KDC inosimbisa maitiro ari pamusoro nemagwaro emutengi. Iyo AS inotarisa iyo data yekuchengetedzwa kwemutengi uye inowana zvese zvakakosha; inoburitsa kiyi yemutengi yakavanzika, ichishandisa password nemashoko anorwadza.

Step 3: Mutengi anopfuudza meseji. Mutengi kana mushandisi anoshandisa kiyi yakavanzika decrypt kutumira meseji uye anogadzira iyo SK1 neTGT yehuchokwadi inosimbisa tikiti remutengi.

Step 4: Mutengi anoshandisa tikiti kuti awane chikumbiro chinogadzirwa. Vatengi vanoda tikiti kubva kuseva inopa sevhisi nekutumira kiyi uye nekugadzira iyo yechokwadi kuTGS.

Step 5: KDC inogadzira tikiti reseva yefaira. Iyo TGT inobva yashandisa kiyi yakavanzika yeTGS kutsanangura iyo TGT yakagamuchirwa kubva kumushandisi kubvisa SK1. Iyo TGS inotarisa kana data ichienderana neiyo mutengi ID nekero.

Chekupedzisira, iyo KDC inogadzira tikiti rebasa rine ID yemutengi, kero, chitambi chenguva, uye SK2.

Step 6: Mutengi anoshandisa faira server tikiti kuratidza Sk1 uye Sk2.

Step 7: Iyo yakanangwa sevha inobva yagashira iyo decryption uye yechokwadi. Munhu anonangwa anoshandisa kiyi yakavanzika yeseva kuti anyore tikiti rakapihwa uye kubvisa SK2.

Kana macheki asangana, sevha yakanangwa inotumira meseji yemutengi inosimbisa mutengi uye AS mumwe nemumwe. Mushandisi ikozvino akagadzirira kuita chikamu chakachengeteka.

mhedziso 

Pakupera kwechinyorwa, isu tinovimba iwe wawana inotsanangura yezvinonzi Kerberos. Kuti uwane rumwe ruzivo nezve Kerberos, Simplilearn inopa Simplilearn online kudzidza kune vese vanoda kudzidza Kerberos.

App, Business, Cybersecurity, budiriro, Engineering, chibatiso, Tech

Munyori Wemifananidzo

Nezvomunyori 

Peter Hatch

{"email": "Kero yeemail haina kukodzera", "url": "Kero yewebhusaiti isiriyo", "inodiwa": "Inodiwa nzvimbo isipo"