What is Kerberos and how does this protocol work?

In this article, I will try to explain in a simple way how this protocol works, so that you understand the basics and can then dig deeper.

Why do I write about it?

I don't know why I like this protocol, but probably because of its name, which is quite interesting. Kerberos has a bit in common with the three-headed dog Cerberus. The word itself is an interesting cluster of letters, let alone the technology behind it!
It is not only the word I liked, so I want to write a little more about this protocol.

Here you will find my explanation and some known vulnerabilities!

What is the authentication protocol?

An authentication protocol is a set of rules and procedures that are used to confirm the identity of users on a computer network. The authentication protocol is an important element of network security as it helps protect against unauthorized access to resources and data.

What is Kerberos?

Kerberos is a network authentication protocol that allows users to log in securely to systems and applications on a computer network: the user proves their identity once to a trusted server and then presents tickets to each service, without sending the password to any of them. It is one of the most widely used authentication protocols, is the default in Active Directory domains, and is common in large organizations.

What is a Kerberos realm?

A Kerberos realm is the security domain within which one Kerberos server is authoritative. It is a logical grouping of principals (users, servers and applications) that share the same Key Distribution Center and its database of keys. A realm is conventionally named after the DNS domain, written in upper case; in Active Directory the realm is the domain itself, and every member of the domain is configured to use the domain controllers as its authentication servers.

How does Kerberos work?

Kerberos works as follows:
When a user logs in, the client sends a request to the Key Distribution Center (KDC, the so-called Kerberos server). The password itself is never sent; the client proves it knows the password by encrypting a timestamp with a key derived from it.
The KDC verifies this and, if it is correct, returns a ticket-granting ticket (TGT). The TGT is encrypted with the KDC's own key, so the client can neither read nor alter it, and it serves as proof of identity for the rest of the session.
When the user wants to use a system or application, the client presents the TGT to the KDC and receives a service ticket encrypted with that service's key.
The client sends the service ticket to the system or application, which decrypts it with its own key, accepts it and allows access to its resources. The service never contacts the KDC and never sees the password.

Thanks to this, the user authenticates once, and the cached tickets are reused for every service until they expire.

Kerberos and Active Directory in SIMPLE STEPS

Kerberos works with Active Directory as follows:

  1. The user logs on to a domain-joined machine and wants to access a resource in the Active Directory domain, for example a file share.

  2. The client sends a login request (AS-REQ) to a domain controller; every domain controller runs the Kerberos KDC service for the domain.

  3. The domain controller verifies the user's pre-authentication data with the user's key and, if it is correct, sends the user a ticket-granting ticket (TGT).

  4. For each resource, the client presents the TGT to the domain controller (TGS-REQ) and receives a service ticket for that resource's service principal name (SPN).

  5. The client sends the service ticket to the server hosting the resource (AP-REQ). The server decrypts it with its own account key and allows access; the user does not have to log in again until the TGT expires (10 hours by default).

Single-Sign-On
Kerberos requires the user to type their password only once, when the client first authenticates. The resulting ticket-granting ticket is cached on the client and reused to obtain service tickets for every further system until it expires.

What does Kerberos consist of?

The core components of the Kerberos protocol are:

  1. The Key Distribution Center (KDC), the Kerberos server

    This is the central server in the network that holds the long-term keys of all users and services (in Active Directory, every domain controller is a KDC). It contains the two services described next.

  2. The authentication server (AS)
    This is the part of the KDC that verifies the user's identity: the client proves it knows its password by encrypting a timestamp with a key derived from it (pre-authentication), and the AS answers with a ticket-granting ticket (TGT).

  3. The ticket-granting server (TGS)
    This is the part of the KDC that takes a valid TGT and issues service tickets for specific services, so the user's password is never needed again.

  4. The ticket
    This is an encrypted token that carries the client's name, a session key and an expiry time. The TGT is encrypted with the key of the krbtgt account and can only be read by the KDC; a service ticket is encrypted with the key of the service it is for and can only be read by that service.

  5. The user and the service
    The user (client) is the principal that wants access; the service is the principal that provides the resource. Both have a long-term key registered in the KDC, and both must be able to decrypt what the KDC sends them for authentication to succeed.

    A detailed description of these terms (session key, Key Distribution Center, realm, encryption types) can be found here 👇👇
    https://www.zeroshell.org/kerberos/kerberos-definitions/

Some known Kerberos attacks

None of these is a bug in the protocol itself; each one abuses a weak configuration or a key the attacker has already stolen.

  1. 💥AS-REP Roasting 💥
    targets accounts that have "Do not require Kerberos preauthentication" set. For such an account the KDC answers an AS-REQ without any proof of the password, and part of the AS-REP is encrypted with a key derived from the user's password, so anyone on the network can request it and crack the password offline with a wordlist. Defence: enable pre-authentication on every account and enforce long passwords on any that must keep it off.
You can read more about AS-REP [here](https://blog.netwrix.com/2022/11/03/cracking_ad_password_with_as_rep_roasting/)
  2. 💥Golden Ticket 💥
    requires the key of the krbtgt account (obtained, for example, by dumping the domain controller's database). With it the attacker forges a TGT for any user name, with any group membership and lifetime, and the KDC accepts it because it decrypts correctly under the krbtgt key, so it issues real service tickets for every service in the domain. Defence: protect domain controllers, and after a compromise reset the krbtgt password twice.
You can find more info [here](https://blog.quest.com/golden-ticket-attacks-how-they-work-and-how-to-defend-against-them/)
  3. 💥Silver Ticket 💥:
    requires the key of one service account (a computer account or the account running the service). With it the attacker forges a service ticket for that service only and presents it directly; the KDC is never contacted, so the domain controller logs nothing. Access is limited to that one service. Defence: rotate service and computer account passwords regularly and enable PAC validation on the service host.
[You can find out more](https://www.varonis.com/blog/kerberos-attack-silver-ticket)

I hope you liked my post and got something out of it. If it was useful, give it a like and leave a comment. Any feedback helps me develop, write and create texts better.

Thanks in advance, Adrian!