RDB PRIME!
Engineering

"K" Networking Definitions & Concepts...

Kerberos Authentication .. to .. Knowbots

K, or Kilo:

A prefix denoting 10^3, or a thousand; for example, kilobits, kiloseconds, kilometers.

Kerberos:

Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology (MIT). Kerberos is available in many commercial products as well.

The Internet is an insecure place. Many of the protocols used within the Internet do not provide any security. Tools to "sniff" passwords off of the network are in common use by malicious hackers. Thus, applications which send an unencrypted password over the network are extremely vulnerable. Worse yet, other client/server applications rely on the client program to be "honest" about the identity of the user who is using it. Other applications rely on the client to restrict its activities to those which it is allowed to do, with no other enforcement by the server.

Some sites attempt to use firewalls to solve their network security problems. Unfortunately, firewalls assume that "the bad guys" are on the outside, which is often a very bad assumption. Most of the really damaging incidents of computer crime are carried out by insiders. Firewalls also have a significant disadvantage in that they restrict how your users can use the Internet. (After all, firewalls are simply a less extreme example of the dictum that there is nothing more secure than a computer which is not connected to the network -- and powered off!) In many places, these restrictions are simply unrealistic and unacceptable.

Kerberos was created by MIT as a solution to these network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Kerberos is freely available from MIT, under copyright permissions very similar to those used for the BSD operating system and the X Window System. MIT provides Kerberos in source form so that anyone who wishes to use it may look over the code for themselves and assure themselves that the code is trustworthy. In addition, for those who prefer to rely on a professionally supported product, Kerberos is available as a product from many different vendors.

Therefore, Kerberos is a solution for many network security problems. It provides the tools of authentication and strong cryptography over the network to help you secure your information systems across your entire enterprise. You will find Kerberos to be very useful. As at MIT, Kerberos can be invaluable to your information technology architecture.

Thus, Kerberos is a security system that helps prevent people from stealing information that gets sent across the wires from one computer to another. Usually, these people are after your password.

The name "Kerberos" comes from the mythological three-headed dog whose duty it was to guard the entrance to the underworld. The Kerberos security system, on the other hand, guards electronic transmissions that get sent across the Internet. It does this by scrambling the information -- encrypting it -- so that only the computer that's supposed to receive the information can unscramble it. In addition, it makes sure that your password itself never gets sent across the wire: only a scrambled "key" to your password.

Kerberos Authentication:

The Kerberos authentication service was developed by the Massachusetts Institute of Technology's Project Athena as an authentication mechanism for open systems in distributed environments. It is used in the Open Software Foundation's (OSF's) Distributed Computing Environment (DCE) and by various network operating system vendors.

Kerberos was designed with distributed environments in mind, where some workstations are located in insecure areas and users may be untrusted. Kerberos has the following features:

  • Clients are authenticated when logging on. Other clients trust that the Kerberos authentication servers have properly identified the clients.
  • Users must acquire a ticket from an authentication server in order to use a service available on a target server. An authenticator is generated, which contains additional user information that the target server compares with a ticket to verify proper identity. This process happens in the background.
  • Tickets provide the authorization required by authenticated users to access a service.
  • Tickets are private-key encrypted and contain the identity of a client, their address, time stamps, and other information. Time stamps ensure that information crossing the network expires after a few hours to thwart intruders.
  • All sessions between clients and servers are temporary. If a client needs a new session, a new authenticator must be obtained. Tickets expire after a period of time, so clients periodically need to acquire new tickets to access a particular server.

The Kerberos system requires that each network service be modified to use Kerberos. It also requires a special server that handles the Kerberos authentication service. This system must be placed in a secure location. In addition, because network access is cut off if the Kerberos server goes down, a redundant server is recommended. While the costs are high, Kerberos provides a secure environment for organizations that need it.
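As an added illustration (not part of this glossary and not MIT's Kerberos code), a toy Python model of the ticket and authenticator checks listed above: the ticket is sealed under the service's key and carries the client identity, address, session key and lifetime; the client's authenticator is sealed under the session key with a time stamp; the service enforces lifetime, address, identity, clock skew and a replay cache. The cipher, key sizes, the 300-second skew limit and every function name are assumptions made for this example.

```python
import hashlib, hmac, json, os
MAX_SKEW = 300  # seconds of clock skew tolerated on an authenticator (assumed value)

def _keystream(key, nonce, n):
    # Constructed toy cipher (HMAC-SHA256 in counter mode), not a real Kerberos enctype
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):  # encrypt-then-MAC envelope: nonce || ciphertext || tag
    data = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed (wrong key or tampering)")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def issue_ticket(service_key, client, addr, lifetime, now):
    # KDC side: ticket sealed under the service's key; the session key goes to the client
    session_key = os.urandom(32)
    body = {"client": client, "addr": addr, "start": now, "end": now + lifetime,
            "skey": session_key.hex()}
    return seal(service_key, body), session_key

def make_authenticator(session_key, client, now):
    # Client side: a fresh, time-stamped authenticator under the session key
    return seal(session_key, {"client": client, "ts": now})

def verify(service_key, ticket, authenticator, src_addr, now, seen):
    # Service side: lifetime, address, identity, freshness and replay checks
    t = unseal(service_key, ticket)
    if not t["start"] <= now <= t["end"]:
        return "ticket expired"
    if t["addr"] != src_addr:
        return "address mismatch"
    a = unseal(bytes.fromhex(t["skey"]), authenticator)
    if a["client"] != t["client"]:
        return "client mismatch"
    if abs(now - a["ts"]) > MAX_SKEW:
        return "authenticator stale"
    if (a["client"], a["ts"]) in seen:  # replay cache keyed on client + time stamp
        return "replay"
    seen.add((a["client"], a["ts"]))
    return "ok"
```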

Kermit:

A simple file transfer protocol used to exchange files between PCs. Kermit was developed at Columbia University and named after Kermit the Frog. It provides a way to download files from mainframes to microcomputers. It has evolved into a general-purpose data transfer utility.

  • Kermit is a half-duplex communication protocol.
  • It supports 7-bit ASCII characters.
  • Data is transferred in variable-sized packets that can be up to 96 bytes long.
  • An acknowledgment is required for each transmitted packet.
  • Kermit can transfer multiple files per session.

Kernel:

Kernel refers to the core components of most operating systems. It is the portion that manages memory, files, peripherals, and system resources. The kernel typically runs processes and provides interprocess communication among them. Some of the core functions are listed below:

  • Scheduling and synchronization of events
  • Communication among processes (message passing)
  • Memory management
  • Management of processes
  • Management of input and output routines

The Mach operating system developed at Carnegie-Mellon University has a client-server architecture consisting of a relatively small kernel (microkernel) that implements minimal functions. It manages device drivers, messages, threads, and virtual memory. Other functions are modular and communicate with the kernel using interprocess communication mechanisms. Remote procedure calls (RPCs) are used to communicate with processes running on other systems.

In the DOS operating system, the kernel is considered the portion between the basic input output system (BIOS) and the application software. Commands from applications are passed through the kernel to the BIOS and then to the hardware.

Key Encryption Technology:

Key technology provides encryption services to secure network transmissions in open environments. There are two types of key technology: private key (symmetric encryption) and public key (asymmetric encryption).

The purpose of any encryption scheme is to secure private communication. The growth of international networks, public and private E-mail systems, and radio communication requires a greater need for security. Fortunately, advances in microelectronics are making security measures easier and cheaper to implement. Perhaps the use of protocol analyzers by technicians to monitor network traffic has enlightened managers to the fact that their data transmissions are not secure. Anyone with such a device can view selected data streams on the network.

Private-key encryption methods are called symmetric ciphers and public-key methods are called asymmetric ciphers.

  • Private-key scheme: Information is encrypted with a key that both the sender and receiver hold privately. This system assumes that both parties have already exchanged keys using some manual method and that the exchange did not compromise security.
  • Public-key scheme: Two related keys are created for each user. One is held privately and the other is placed in a public area. If someone wants to send you a message, he or she encrypts it with your public key. Upon receipt of the message, you decrypt it with your private key.

Keying:

The process of making components non-symmetrical in order to make sure they are connected properly. Keying is important in situations in which incorrect connections can cause damage to circuitry and components. For example, modular telephone (RJ-xx) plugs and jacks may be keyed; MMJ connectors are a keyed variant of RJ-xx connectors. Cables connecting disk drives to power supplies may also be keyed.

Key Management Protocol (KMP):

In a secure network, KMP is a protocol used for checking security keys.

Killer Channel:

In digital telecommunications, a transmission channel whose timing is off, so that the channel overlaps and interferes with other channels.

Kill File:

On the Internet, a data file that contains instructions to filter out ("Kill") news postings and e-mail from certain persons or about certain topics. Also called a bozo filter.

Knowbots:

"Knowbots", as envisioned by Marvin Minsky of the Massachusetts Institute of Technology, are intelligent agents that search digital libraries of information on large networks, such as the Internet. The idea is further explored by Carl Malamud in his book Stacks, Interoperability in Today's Computer Networks (Englewood Cliffs, New Jersey: Prentice-Hall, 1992):

"Perhaps the most futuristic-sounding component of the Digital Library System is the knowbot, an intelligent program that is launched onto the network. The knowbot visits different nodes looking for information of use to the knowbot's master. The knowbot performs tasks, perhaps rooting through databases or negotiating purchase terms for information, and sends messages back to its master. The master may be a person, but could well be another knowbot".

Knowbots are important because the information infrastructure is growing so large and at the same time becoming so much more available through the Internet and other networks. Knowbots can locate information without user intervention, saving time and presumably money, although there will certainly be many opportunities for information services to make lots of money. Malamud and others envision systems that automatically compensate authors when online works are referenced.

robert.d.betterton@rdbprime.com
This site is brought to you by
Bob Betterton; 2001 - 2011.

This page was last updated on 09/18/2005
Copyright, RDB Prime Engineering