JEFF HOWELL

Kerberos Key Management (Single Sign-on) Definition

Kerberos Best Practices

The Kerberos server addresses three objectives: it provides a secure protocol for accessing services, it stores passwords centrally to simplify system administration, and it gives users single sign-on (SSO), allowing them to use a single password to gain access to the services they have been granted. This ultimately allows users to communicate more securely over insecure network protocols such as HTTP and FTP. It also simplifies revoking access for employees who leave the organization or change roles. The security protocol involves three entities within its realm: the clients, the servers/services, and the Key Distribution Center (KDC). The KDC contains two elements: an authorization server (AS) and a ticket granting service (TGS). The KDC protocol ensures security by never transferring unencrypted keys over the network. Instead, the KDC serves as a trusted third party, using tickets to authenticate authorized clients to authorized servers. It is a clever approach that addresses many problems; however, it is not completely risk-free.
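As an added illustration (not code from this site), the following toy simulation walks through the three-party exchange just described: the AS hands the client a TGT and a session key that only the correct password unlocks, the TGS turns that into a service ticket, and the service verifies the ticket with nothing but its own key, so no long-term key ever crosses the wire. The authenticated encryption, principal names and passwords are constructed stand-ins, not Kerberos' real enctypes or message formats.

```python
import hashlib, hmac, json, secrets, time

def derive_key(password, principal):   # long-term key, salted with the principal name as Kerberos does
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 10_000)

def _keystream(key, nonce, n):          # HMAC-SHA256 in counter mode: a constructed stand-in for AES
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):                     # toy authenticated encryption: nonce || ciphertext || tag
    pt, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()
def unseal(key, blob):                  # wrong key or tampering fails the tag check before decrypting
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("bad key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def authenticator(key, client):         # timestamped proof that the sender holds the session key
    return seal(key, {"client": client, "ts": time.time()})
def _check(t, a):   # ticket and authenticator must agree, be fresh (5-min skew) and be unexpired
    if a["client"] != t["client"] or abs(time.time() - a["ts"]) > 300 or t["exp"] < time.time():
        raise PermissionError("stale or mismatched authenticator")

class KDC:   # Authentication Service (AS) + Ticket Granting Service (TGS): the one place every key lives
    def __init__(self, passwords):
        self.keys = {p: derive_key(pw, p) for p, pw in passwords.items()}
    def as_exchange(self, client):      # AS-REP: session key sealed to the client, TGT sealed to the TGS
        sk = secrets.token_bytes(32)
        tgt = seal(self.keys["krbtgt"], {"client": client, "key": sk.hex(), "exp": time.time() + 600})
        return seal(self.keys[client], {"key": sk.hex()}), tgt
    def tgs_exchange(self, tgt, auth, service):   # TGS-REP: service session key + service ticket
        t = unseal(self.keys["krbtgt"], tgt); sk = bytes.fromhex(t["key"])
        _check(t, unseal(sk, auth))     # the client must prove it holds the TGT session key
        ssk = secrets.token_bytes(32)
        tkt = seal(self.keys[service], {"client": t["client"], "key": ssk.hex(), "exp": time.time() + 600})
        return seal(sk, {"key": ssk.hex()}), tkt

def service_accept(service_key, tkt, auth):   # the service needs only its own key, never the KDC
    t = unseal(service_key, tkt)
    _check(t, unseal(bytes.fromhex(t["key"]), auth))
    return t["client"]

def sso_login(kdc, user, password, service, service_key):   # one password, then tickets only
    rep, tgt = kdc.as_exchange(user)                          # no key or password crosses the wire
    sk = bytes.fromhex(unseal(derive_key(password, user), rep)["key"])   # wrong password fails here
    rep2, tkt = kdc.tgs_exchange(tgt, authenticator(sk, user), service)
    ssk = bytes.fromhex(unseal(sk, rep2)["key"])
    return service_accept(service_key, tkt, authenticator(ssk, user))
```

The `KDC` object is the "one-stop-shop" the next paragraph warns about: every long-term key in the realm lives in `kdc.keys`, which is why its placement matters.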

The use of Kerberos key management does pose some risk, in that there is a one-stop shop for an attacker to get all the keys. Given the risks with Kerberos, and given newer regulations such as HIPAA, which governs PHI data, I would ensure the Kerberos domain controller is placed behind the inner firewall, not in the demilitarized zone (DMZ) between the inner and outer firewalls (see Figure 2 below for a sample network illustration). It will be integrated into the corporate LAN. The Kerberos database containing user IDs, server IDs and passwords will be populated with access to corporate data and user and provider data. Remote employees will presumably be included through a VPN connection once they are granted access through the inner firewall. I do not see a need to include providers and customers, as their access will be restricted to limited services. This removes the risk of placing the Kerberos server in the DMZ, which is widely viewed as a bad idea (Upadhyay, 2011).

[Figure: Sample Network illustrating the use of a Kerberos Server]

Jeff Howell  -  San Carlos, CA  -  Privacy Statement - email Jeff