kerberos.html

黑客培训教程

<html xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns="http://www.w3.org/TR/REC-html40">

<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=ProgId content=Word.Document>
<meta name=Generator content="Microsoft Word 9">
<meta name=Originator content="Microsoft Word 9">
<link rel=File-List href="./kerberos_files/filelist.xml">
<title>Hacking Truths--What They Don't Teach In Manuals!!! By Ankit Fadia
ankit@bol.net.in Send an email to: programmingforhackers-subscribe@egroups.com
to recive more tutorials.</title>
<!--[if gte mso 9]><xml>
 <o:DocumentProperties>
  <o:Author>Ankit Fadia</o:Author>
  <o:Template>Normal</o:Template>
  <o:LastAuthor>Ankit Fadia</o:LastAuthor>
  <o:Revision>2</o:Revision>
  <o:TotalTime>115</o:TotalTime>
  <o:Created>2000-07-13T11:22:00Z</o:Created>
  <o:LastSaved>2000-07-13T11:22:00Z</o:LastSaved>
  <o:Pages>6</o:Pages>
  <o:Words>2318</o:Words>
  <o:Characters>13215</o:Characters>
  <o:Company>Hacking Truths</o:Company>
  <o:Lines>110</o:Lines>
  <o:Paragraphs>26</o:Paragraphs>
  <o:CharactersWithSpaces>16228</o:CharactersWithSpaces>
  <o:Version>9.2720</o:Version>
 </o:DocumentProperties>
</xml><![endif]--><!--[if gte mso 9]><xml>
 <w:WordDocument>
  <w:DisplayHorizontalDrawingGridEvery>0</w:DisplayHorizontalDrawingGridEvery>
  <w:DisplayVerticalDrawingGridEvery>0</w:DisplayVerticalDrawingGridEvery>
  <w:UseMarginsForDrawingGridOrigin/>
  <w:Compatibility>
   <w:FootnoteLayoutLikeWW8/>
   <w:ShapeLayoutLikeWW8/>
   <w:AlignTablesRowByRow/>
   <w:ForgetLastTabAlignment/>
   <w:LayoutRawTableWidth/>
   <w:LayoutTableRowsApart/>
  </w:Compatibility>
 </w:WordDocument>
</xml><![endif]-->
<style>
<!--
 /* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{mso-style-parent:"";
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	font-size:10.0pt;
	font-family:"Times New Roman";
	mso-fareast-font-family:"Times New Roman";}
h1
	{mso-style-next:Normal;
	margin:0in;
	margin-bottom:.0001pt;
	mso-pagination:widow-orphan;
	page-break-after:avoid;
	mso-outline-level:1;
	font-size:10.0pt;
	font-family:"Times New Roman";
	mso-font-kerning:0pt;}
a:link, span.MsoHyperlink
	{color:blue;
	text-decoration:underline;
	text-underline:single;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;
	text-underline:single;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;
	mso-header-margin:.5in;
	mso-footer-margin:.5in;
	mso-paper-source:0;}
div.Section1
	{page:Section1;}
 /* List Definitions */
@list l0
	{mso-list-id:771978749;
	mso-list-type:hybrid;
	mso-list-template-ids:-1728431286 -692972270 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
	{mso-level-text:"%1\.\)";
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
@list l1
	{mso-list-id:2016153380;
	mso-list-type:hybrid;
	mso-list-template-ids:-1917152176 1314390644 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
	{mso-level-text:"%1\.\)";
	mso-level-tab-stop:.5in;
	mso-level-number-position:left;
	text-indent:-.25in;}
ol
	{margin-bottom:0in;}
ul
	{margin-bottom:0in;}
-->
</style>
</head>

<body lang=EN-US link=blue vlink=purple style='tab-interval:.5in'>

<div class=Section1>

<p class=MsoNormal>________________________________________________________________</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal><b>Kerberos Torn Apart By Ankit Fadia</b> <a
href="mailto:ankit@bol.net.in">ankit@bol.net.in</a></p>

<br>

<p class=MsoNormal>________________________________________________________________</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Now days, almost all networks have firewalls installed to
protect them from the dangers of the un-trusted outside world of the Internet.
When firewalls first came to the scene, they were nowhere near good enough to
protect the Network completely. However, with the passage of time, the quality
of firewalls has increased to such a level that the present day firewall
systems make the internal trusted network almost 100% safe. </p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>They can easily be configured to allow only certain kinds of
data to pass through and even can be used to set which ports can be accessed
from the un-trusted network (Internet) and which ports are accessible from the
internal trusted network. Some good ones also scan all attachments going in and
out for viruses and ensure that no confidential data is going out of the company.
The present day firewalls have really made life quite easier for the system
administrating by giving more than a little protection from the Outside world.
However, one area where the firewalls falter is if the attach is from within
the trusted internal network or in other words, the attacker is doing something
wrong, something which he is not supposed to do from within the network and not
through the Internet. </p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Say for example, you have a well configured; firewall
installed at your company抯 main server and it scans all incoming email
attachments for viruses. Now, if you get a virus attach from outside the
internal trusted network and though the Internet, then normally the firewall
will either delete or warn you about it. However, if the virus coder, is
working for you and is within the internal trusted network, then a firewall
would not be able to do anything about it and the virus will spread quite
easily. </p>

<p class=MsoNormal>NOTE: The above is just an example taken to ensure that you
understand. </p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>So, now, I hope you realize that only a Firewall is not
sufficient for a network and it also requires something for attacks from
internal systems.</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>This is where the Kerberos comes in. Kerberos is a network
authentication protocol, which provides for the verification of identities
within a heterogeneous distributed networked environment. It is the de facto
standard for authentication, which gets it name from the three-headed dog in
Greek Mythology. </p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>For complete reference and details about Kerberos
authentication protocol, refer to the RFC 1510</p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Now, within an internal network, the greatest danger lies in
the fact that anyone can easily pick up or sniff out confidential data like
company plans, passwords and even credit card numbers while this data is being
transferred from one system to another within the same network. </p>

<p class=MsoNormal><![if !supportEmptyParas]>&nbsp;<![endif]><o:p></o:p></p>

<p class=MsoNormal>Let us take an example, to understand better. Say, you are
on a client, which is connected to the main server, which provides services to
all clients connected to it.<span style="mso-spacerun: yes">