Cloud Insidr

Cybersecurity in the Age of the Machine

  • Subscribe!
  • Privacy Policy
  • Legal
  • Contact Us

Join us on Twitter: @CloudInsidr

  • news & alerts
    • events
    • industry analysis
    • industry gossip
    • people
  • cloud, edge & co.
    • AWS
    • administration & orchestration
      • web servers in the cloud
      • mail servers
      • databases
  • cybersec & warfare
    • encryption
  • blockchain
Home cloud, edge and everything in between administration and orchestration Still using Kerberos Authentication? Now You Have a Reason to Stop: It Does NOT Keep Your Business Safe
Still using Kerberos Authentication? Now You Have a Reason to Stop: It Does NOT Keep Your Business Safe

Anna E Kobylinska 2016-03-07 3 Comments

Still using Kerberos Authentication? Now You Have a Reason to Stop: It Does NOT Keep Your Business Safe

Kerberos, an ancient network authentication protocol from the 1980s that is commonly used to this day, can get you into some serious trouble.

The Kerberos setup used by your organization may not be all it’s cracked up to be.

Some myths run deep in the IT industry. It turns out, such is the case with Kerberos. The truth about security implications of using vanilla Kerberos is buried deep within its documentation.

Never mind, the esteemed MIT (Massachusetts Institute of Technology) keeps pushing new releases of their implementation of Kerberos. Their latest update was published less than two weeks ago. Their official project website treats you to this statement:

The Internet is an insecure place. Many of the protocols used in the Internet do not provide any security. Tools to “sniff” passwords off of the network are in common use by malicious hackers. (…)

As if they were trying to say “You are safe when using Kerberos”. But is that really so?

Not likely, at least not without further ado.

Brian H2O's Twitter profile

Brian H₂O’s (@int10h) had this to say via Twitter after diving into Kerberos:

@CloudInsidr yeah, because krb by itself only auths the client/server at the moment of handshake. there is not tunnel after, like ssl/ssh

— Brian H₂O’s (@int10h) March 7, 2016

Wow. Talk about surprises.

This looks like a serious case of IT “malpractice” and disinformation on the part of organizations advocating the use of Kerberos.

What if… what if this architectural flaw is somehow not an oversight, not a bug but a so-called “feature”?

@CloudInsidr not really. it wasn’t designed for tunneling. you can still do it, though. ssh w/ krb auth via gssapi does this.

— Brian H₂O’s (@int10h) March 7, 2016

Good to know. Is it worth the effort, then? (You decide.)

Thanks to Brian H₂O’s (@int10h) for this enlightening exchange!

Filed Under: administration and orchestration, alerts, cloud, edge and everything in between, cybersecurity and cyber warfare, industry gossip Tagged With: Kerberos, SSH

Comments

  1. Andre Pape says

    2020-08-25 at 1:20 am

    > Kerberos, an ancient network authentication protocol from the 1980s
    > that is commonly used to this day, can get you into some serious trouble.

    So true! I agree with you!

    Andre Pape

    Reply
  2. Startup Growth, Phoebe Willhite says

    2020-08-24 at 8:23 am

    YU

    Reply
  3. minecraft says

    2019-04-23 at 5:41 am

    Hi there would you mind stating which blog platform
    you’re working with? I’m looking to start my own blog soon but I’m having a difficult time selecting between BlogEngine/Wordpress/B2evolution and Drupal.
    The reason I ask is because your layout seems different then most blogs and I’m looking for something completely unique.
    P.S Apologies for getting off-topic but I had to ask!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe

Find the monitor that's right for you.

SSL/TLS Certificate Square (250 x 250)

Tag Cloud

AWS AWS Billing Dashboard AWS Config AWS Cost Explorer AWS EBS AWS Resource Explorer AWS Tag Editor AWS Trusted Advisor cipher suites cyber security Diffie-Hellman EBS EC2 ECDHE Five Eyes Alliance FLAME HSTS HTTP/2 Java Linux Log4j NGINX NVMe PHP RCE Route 53 SELinux SHA-1 SHA-2 SQL SSL TLS

Pearson Education (InformIT)

SSL/TLS Certificate Medium Rectangle (300 x 250)

©2022 CybrAnalytiqa OÜ

  • Content purchasing and syndication