Windows Security And Kerberos Authentication For Network Security
Welcome, guys, to this post.
During this lockdown period I am getting bored at home, so let's learn something new. If you don't know how authentication works in Windows, this post is for you. It is a simple post for understanding what Kerberos is and how Kerberos authentication lets a client communicate with a server in a secure way.
What Is Kerberos
Kerberos is a network authentication protocol. It is based on a client-server architecture: the client sends a request to the server asking for a service, and once the server has completed secure authentication, it responds by providing the service to the client. Kerberos uses asymmetric encryption to provide stronger authentication between client and server. On Windows it uses port 88 (UDP) by default.
Entities Involved In Client-Server Authentication
- Client :- A user or any software
- Server :- Service provider
- KDC (Key Distribution Center) :- A kind of trusted third-party service
The KDC (Key Distribution Center) includes two more servers:
- Authentication Server (AS) :- Authenticates requests and issues ticket granting tickets to its users
(Note:- The Authentication Server includes a database which stores user passwords)
- Ticket Granting Server (TGS) :- Generates a ticket for the server, based on the ticket granting ticket (TGT)
Working Principle Of Kerberos Authentication
- The client sends a request to the authentication server asking for the server ID and server access (known as a Kerberos token); the request is encrypted using the client password (secret key)
- The authentication server processes this request based on the client ID: it fetches the client password (secret key) from the database using the client ID and decrypts the request
- The authentication server then communicates with the client and generates a TGT, which is shared among the client and TGT (encrypted with another secret key)
- The client now sends the encrypted TGT to the ticket granting server to ask for server access
- The ticket granting server decrypts the TGT using the secret key which is shared between the AS and the client, and issues a ticket granted server token (Kerberos token) for the client
- The client sends the encrypted ticket granted server token (Kerberos token) to the server
- The server then allows the client access to the requested resource for a limited period
- The server also sends a timestamp (a timestamp is included in requests to avoid replay attacks)
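The steps above as a small simulation, added here as an example and not code from the original post: it walks the AS, TGS and server hops with shared secret keys and shows the checks behind "limited period" and the replay-protecting timestamp. The toy cipher, the user `alice`, the `EXAMPLE.TEST` salt, the `LIFETIME` and `SKEW` values, sealing the TGT under a key held by the TGS, and all function names are assumptions of this sketch, not real Kerberos message formats.

```python
import hashlib, hmac, json, os
LIFETIME, SKEW = 600, 300  # ticket lifetime / allowed clock skew in seconds (constructed)

def _stream(key, nonce, n):  # toy SHA-256 counter keystream, not a real Kerberos cipher
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, obj):  # encrypt-then-MAC a JSON object under a shared secret key
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):  # verify the MAC first, then decrypt
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def password_key(password):  # secret key derived from the client password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.TEST", 10_000)

USERS = {"alice": password_key("constructed-password")}  # AS database (constructed user)
TGS_KEY, SVC_KEY = os.urandom(32), os.urandom(32)        # long-term keys of TGS and server

def issue(reply_key, ticket_key, client, now):  # one session key: client copy + ticket copy
    sk = os.urandom(32).hex()
    return (seal(reply_key, {"sk": sk}),
            seal(ticket_key, {"client": client, "sk": sk, "exp": now + LIFETIME}))

def accept(ticket_key, ticket, authenticator, now, seen):
    # Run by the TGS and by the server: open the ticket, then check lifetime, timestamp, replay
    t = unseal(ticket_key, ticket)
    a = unseal(bytes.fromhex(t["sk"]), authenticator)
    if a["client"] != t["client"]: raise ValueError("client mismatch")
    if now > t["exp"]: raise ValueError("ticket expired")
    if abs(now - a["ts"]) > SKEW: raise ValueError("timestamp outside allowed skew")
    if (a["client"], a["ts"]) in seen: raise ValueError("replayed authenticator")
    seen.add((a["client"], a["ts"]))
    return t

def login_and_access(password, now=1_000_000):  # walk the exchange once
    ckey, me = password_key(password), {"client": "alice", "ts": now}
    unseal(USERS["alice"], seal(ckey, me))                   # AS decrypts the request
    enc, tgt = issue(USERS["alice"], TGS_KEY, "alice", now)  # AS reply and TGT
    sk1 = bytes.fromhex(unseal(ckey, enc)["sk"])
    accept(TGS_KEY, tgt, seal(sk1, me), now, set())          # TGS checks the TGT
    enc2, ticket = issue(sk1, SVC_KEY, "alice", now)         # TGS reply and service ticket
    sk2 = bytes.fromhex(unseal(sk1, enc2)["sk"])
    return accept(SVC_KEY, ticket, seal(sk2, me), now, set())["client"]
```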
This is how Kerberos authentication works. I hope you understood this article.
Follow me on LinkedIn
https://www.linkedin.com/in/anurag-ku