Julayi 28, 2022

I-Kerberos icacisiwe

isabelo0
Ukufuna0
isabelo0
isabelo0
Ukufuna0
isabelo0

I-Cybercrime yinto engathandekiyo kule mihla; akukho nkampani okanye umbutho ukhuselekile, kungakhathaliseki ukuba uthetha ngabucala okanye ishishini ngokubanzi. Ingxaki ayizuphucuka kwezi ntsuku ngaphandle kokuba singasebenzisa umthetho olandelwayo kunye nesisombululo esisebenzayo sothungelwano.

Iingcaphephe ziye zaxela kwangaphambili ukuba ulwaphulo-mthetho lwe-intanethi luya konakalisa iindleko zehlabathi nge-25trillion ye-$ ekupheleni kuka-2025; engaqhelekanga, akunjalo?

Esinye isibikezelo sikaForbes sithi ukusetyenziswa rhoqo kwezixhobo eziphathwayo kwandisa izinga lobugebengu be-cybercrime, kwaye akukho kumisa. Ngenxa yoko, ihlabathi ledijithali lingena ukufumana izicwangciso ezintsha zokuqinisa ukhuseleko lwe-cyber. Ezi ziqikelelo zininzi kangangokuba awukakulungeli ukumamela okanye ukuqhubekeka engqondweni yakho.

Namhlanje, sijonge iprotocol yokuqinisekisa i-Kerberos. Masibuyise iikhethini sazi yintoni iKerberos?

Yintoni iKerberos? 

I-Intanethi yindawo engakhuselekanga. Ezinye iisistim zisebenzisa i-firewall ukuthintela ukufikelela okungagunyaziswanga kwiikhompyuter. Kodwa i-firewall icinga ukuba abantu ababi bangaphandle, kwaye yingxaki leyo. Uninzi lweenzame ezikhohlakeleyo zenziwa ngaphakathi.

Isebenzisa i-cryptography eyomeleleyo, i-Kerberos yiprothokholi yokuqinisekisa izicelo zenkonzo yenethiwekhi phakathi kweenginginya ezithenjiweyo kwinethiwekhi engathembekanga. Isebenzisa i-cryptography yesitshixo sokhuseleko kunye nomntu wesithathu othembekileyo ekusekeni usetyenziso lweseva yomxhasi kunye nokuqinisekisa ubuni babasebenzisi.

I-Kerberos yiprothokholi yoqinisekiso olusekwe kwindlela yokuthenga itikiti apho umxhasi aziqinisekisa kwiSeva yoQinisekiso (AS) kwaye afumane itikiti (amanyathelo ngamanyathelo abandakanyekayo phakathi konxibelelwano neZiko loSabelo oluPhambili) enokuthi iphinde iyisebenzise ngazo zonke iindawo isebenzisa okufanayo. KDC. Ke, kuthungelwano lwangaphakathi, unokufikelela kwiindawo ngokuziqinisekisa kwi-AS kwaye uphinde usebenzise itikiti ukufikelela kwezinye iindawo.

Iphi iKerberos protocol esetyenziswa kakhulu? 

I-Kerberos isetyenziswa ikakhulu kwiinkqubo ezikhuselekileyo ezifuna ukuphicothwa okuthembekileyo kunye neempawu zokuqinisekisa. Isetyenziswa kwiPosix yoqinisekiso, enye indlela yoqinisekiso ye ssh, POP, kunye ne SMTP, Kuvimba weefayili oSebenzayo, NFS, Samba, kunye neeprojekthi ezimbalwa ezifanayo. Ingasetyenziswa rhoqo njengenkqubo yokulahla kuyo nantoni na eqonda uqinisekiso lwePOSIX, oluncinci.

Iprojekthi yoqobo ye-OpenAuth isebenzise inkqubo efanayo, eneempawu ezithatha indawo yengqikelelo yetikiti ngokwembono yomxhasi. Yazi ubuncinci obunye uphumezo olusebenzise ungqinisiso lwesitayile seKerberos kunye nophicotho lweenkonzo zonxibelelwano lweeleya kwiinkqubo zamafu.

Yinkqubo enkulu, nangona ngenxa yePOSIX, uya kukwazi ukufumana isigunyaziso esincinci, kodwa njengezinto ezininzi, "ungaqengqeleka eyakho," kwaye sonke isicelo siya kuhlonipha ngendlela ofuna ngayo. . Kukwanceda ukuba ugunyaziso lwenziwe rhoqo, ngelixa ukuqinisekiswa kwenzeka kuphela ngoqhagamshelo olutsha xa itikiti langaphambili liphelelwa okanye emva kokulahleka konxibelelwano okanye ukuyekiswa.

Ziziphi iingenelo zokuqinisekiswa kwe-Kerberos? 

I-Kerberos izisa iitoni zeenzuzo kulo nakuphi na ukusetwa kwe-cybersecurity. Iinzuzo eziphambili zezi:

  • Ulawulo lofikelelo olusebenzayo: I-Kerberos inika abasebenzisi inqaku elinye lokugcina umkhondo wokhuseleko kunye nokunyanzeliswa komgaqo-nkqubo wokungena.
  • Ufikelelo olukhuselekileyo lobomi kumatikiti abalulekileyo: Itikiti ngalinye le-Kerberos linesitampu sexesha letikiti, idatha yobomi bonke, kunye nexesha lokuqinisekisa elilawulwa ngumlawuli.
  • Ungqinisiso lwendawo: Ezinye iisistim zenkonzo kunye nabasebenzisi banokuqinisekisa kwaye basebenzisane ngokuqinisekiswa okufanayo.
  • Uqinisekiso olusebenzisekayo kwakhona: nabani na osebenzisa ungqinisiso lweKerberos angaphinda asebenzise kwaye yomelele, efuna ukuba umsebenzisi ngamnye aqinisekiswe yinkqubo kube kanye. Ukuya kuthi ga ngoku itikiti lisebenziseka, umsebenzisi akayi kunyanzeleka ukuba agcine iinkcukacha zakhe ngeenjongo zokuqinisekisa.
  • Amanyathelo okhuseleko aqinileyo kunye ahlukeneyo: I-Kerberos inokhuseleko lokuqinisekisa ukhuseleko lokusebenzisa i-cryptography, izitshixo ezininzi eziyimfihlo, kunye nogunyaziso lomntu wesithathu, ukudala ukhuseleko oluthembekileyo nolukhuselekileyo. Enye into malunga ne-Kerberos kukuba amagama ayimfihlo awathumeli kwinethiwekhi, ngelixa izitshixo zabucala zifihliwe.

Yintoni i-Kerberos protocol flow overview? 

Nalu uguqulelo oluneenkcukacha ngakumbi malunga nokuba ungqinisiso lwe-Kerberos lumalunga nantoni. Kwakhona, yazi indlela esebenza ngayo ngokuyiqhekeza ibe ngamanyathelo ahlukeneyo kunye namacandelo ayo angundoqo.

Nanga amaziko aziintloko agxininiswe kuhambo lweKerberos protocol.

  • umxhasi: Umxhasi usebenza egameni lamava omsebenzisi kwaye usebenza njengonxibelelwano lwesicelo senkonzo.
  • Umncedisi: Umncedisi ubamba umsebenzisi ofuna ukufikelela kuyo.
  • Iseva yoqinisekiso (AS): I-AS yenza uqinisekiso lomxhasi olufunekayo. Ukuba uqinisekiso luqaliswe ngempumelelo, umxhasi ufumana itikiti elibizwa ngokuba yi-TGT (itikiti lokunika itikiti), ngokusisiseko isiqinisekiso sokuba abanye abancedisi abancedisi baqinisekisiwe.
  • Iziko loSabelo elingundoqo (KDC): Kwi-atmosphere ye-Kerberos, uqinisekiso lwahlulwe ngokwengqiqo kwiindawo ezintathu ezahlukeneyo
  • Isiseko sedatha 
  • Iseva yoqinisekiso (AS)
  • Itikiti lokunika itikiti (TGT)

La malungu mathathu ayasebenza, ajike kwaye abekhona kumncedisi omnye obizwa ngokuba nguMzindi woSabelo oluPhambili (KDC).

Uqukuqelo lweprotocol lunala manyathelo alandelayo: 

inyathelo 1: Ekuqaleni, isicelo sokuqinisekisa umxhasi siyahamba. Umsebenzisi ucela i-TGT kwi-server yokuqinisekisa (AS), ebandakanya i-ID yomxhasi wobungqina.

inyathelo 2: I-KDC iqinisekisa le nkqubo ingentla ngeenkcukacha zomxhasi. I-AS ijonga idatha yokhuseleko lomxhasi kwaye ifumana zombini amaxabiso; ikhupha isitshixo somthengi oyimfihlo, isebenzisa igama eligqithisiweyo ngamagama arhabaxa.

inyathelo 3: Umxhasi ugqithisa umyalezo. Umxhasi okanye umsebenzisi usebenzisa iqhosha eliyimfihlo lokususa ukuntsonkotha kumyalezo kwaye enze i-SK1 kunye ne-TGT yoqinisekiso oluqinisekisa itikiti lomxhasi.

inyathelo 4: Umxhasi usebenzisa itikiti ukufikelela kwisicelo esenziweyo. Abathengi bafuna itikiti elivela kumncedisi onikezela ngenkonzo ngokuthumela isitshixo kunye nokudala uqinisekiso kwi TGS.

inyathelo 5: KDC yenza itikiti lomncedisi wefayile. I-TGT ke isebenzisa iqhosha eliyimfihlo le-TGS ukuchaza i-TGT efunyenwe kumsebenzisi ukukhupha i-SK1. I-TGS ijonga ukuba idatha ihambelana ne-ID yomxhasi kunye nedilesi.

Okokugqibela, i-KDC yenza itikiti lenkonzo eliqulethe i-ID yomxhasi, idilesi, isitampu sexesha, kunye ne-SK2.

inyathelo 6: Umxhasi usebenzisa itikiti leseva yefayile ukuqinisekisa i-Sk1 kunye ne-Sk2.

inyathelo 7: Umncedisi ekujoliswe kuwo emva koko ufumana uguqulelo oluntsonkothileyo kunye noqinisekiso. Umntu ekujoliswe kuye usebenzisa isitshixo esiyimfihlo somncedisi ukucacisa itikiti elikhutshiweyo kunye nokukhupha i-SK2.

Nje ukuba iitshekhi zidibene, iseva ekujoliswe kuyo ithumela umyalezo womxhasi oqinisekisa umxhasi kunye ne-AS enye kwenye. Umsebenzisi ngoku ulungele ukuzibandakanya kwiseshoni ekhuselekileyo.

isiphelo 

Ekupheleni kwenqaku, siyathemba ukuba usifumene isishwankathelo se-Kerberos. Ukufunda ngakumbi ngeKerberos, iSimplilearn ibonelela Ukufunda okulula kwi-intanethi kubo bonke abanqwenela ukufunda iKerberos.

app, ishishini, Ukukhuseleka, uphuhliso, Engineering, ukhuseleko, Tech

Imifanekiso yombhali

Malunga nombhali 

UPeter Hatch

{"imeyile": "Idilesi ye-imeyile ayisebenzi", "url": "Idilesi yewebhusayithi ayisebenzi", "ifunwa": "Indawo efunekayo ilahlekile"}