Authentication Services

In this section we discuss authentication services. The main goal of these services is to ensure that unencrypted credentials are never sent across the network; in other words, they ensure that credentials are not sent in clear text.

Kerberos:
Kerberos is a network authentication mechanism used mainly in Windows Active Directory domains and in some Unix environments. It provides mutual authentication, which helps prevent man-in-the-middle (MITM) attacks, and uses tickets to help prevent replay attacks.

Working of Kerberos:

The KDC (Key Distribution Center) uses a multi-step process to issue TGTs (ticket-granting tickets) and other tickets. The KDC packages user credentials within the ticket. Tickets provide authentication for users when they access resources such as files on a file server. These tickets are sometimes referred to as tokens.
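The ticket flow described above, worked through end to end as an added example (this is not code from the original post, and it is not a Kerberos implementation): a toy KDC runs the AS exchange (the client proves it knows its password-derived key by sending an encrypted timestamp, so the password itself never crosses the wire), the TGS exchange (a TGT plus an authenticator yields a service ticket), and a file server runs the AP exchange with a replay cache and mutual authentication. The realm `EXAMPLE.LOCAL`, the user `alice` and the service `cifs/fs01` are constructed names, and the `seal`/`unseal` primitive (SHA-256 keystream plus HMAC) stands in for the AES-based encryption types and ASN.1 messages real Kerberos uses.

```python
import hashlib
import hmac
import json
import os
import time

def derive_key(password: str, salt: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)  # principal's long-term key

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:length]

def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC of a JSON object (constructed for this example); layout is nonce || ciphertext || tag."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def _rejected(action) -> bool:
    try:
        action()
    except ValueError:
        return True
    return False

class KDC:
    """Authentication Service (AS) and Ticket-Granting Service (TGS) of one realm."""
    def __init__(self, realm: str):
        self.realm, self.keys = realm, {"krbtgt": os.urandom(32)}  # the krbtgt key protects every TGT
    def register(self, principal: str, password: str) -> None:
        self.keys[principal] = derive_key(password, self.realm + principal)
    def as_exchange(self, principal: str, preauth: bytes):
        """AS-REQ/AS-REP: an encrypted timestamp proves the client knows its key; no password crosses the wire."""
        ckey = self.keys[principal]
        if abs(time.time() - unseal(ckey, preauth)["ts"]) > 300:
            raise ValueError("pre-auth timestamp outside the clock-skew window")
        skey = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"client": principal, "skey": skey, "exp": time.time() + 600})
        return seal(ckey, {"skey": skey}), tgt
    def tgs_exchange(self, tgt: bytes, authenticator: bytes, service: str):
        """TGS-REQ/TGS-REP: a valid TGT plus an authenticator under its session key yields a service ticket."""
        t = unseal(self.keys["krbtgt"], tgt)
        skey = bytes.fromhex(t["skey"])
        if unseal(skey, authenticator)["client"] != t["client"]:
            raise ValueError("authenticator does not match the TGT")
        svc_key = os.urandom(32).hex()
        ticket = seal(self.keys[service], {"client": t["client"], "skey": svc_key, "exp": time.time() + 600})
        return seal(skey, {"skey": svc_key, "service": service}), ticket

class Service:
    """Application server: AP-REQ/AP-REP with a replay cache and mutual authentication."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.replay_cache = name, key, set()
    def accept(self, ticket: bytes, authenticator: bytes) -> bytes:
        t = unseal(self.key, ticket)                      # only the real service key opens the ticket
        if t["exp"] < time.time():
            raise ValueError("ticket expired")
        skey = bytes.fromhex(t["skey"])
        a = unseal(skey, authenticator)
        if a["client"] != t["client"] or abs(time.time() - a["ts"]) > 300:
            raise ValueError("bad authenticator")
        if (a["client"], a["ts"]) in self.replay_cache:   # same authenticator presented twice
            raise ValueError("replayed authenticator")
        self.replay_cache.add((a["client"], a["ts"]))
        return seal(skey, {"ts": a["ts"]})                # AP-REP: proves the server holds the service key

def login_and_access(kdc: KDC, fileserver: Service, principal: str, password: str) -> dict:
    """Client side of all three exchanges, followed by a replay of the same authenticator."""
    ckey = derive_key(password, kdc.realm + principal)
    enc, tgt = kdc.as_exchange(principal, seal(ckey, {"ts": time.time()}))
    tgt_skey = bytes.fromhex(unseal(ckey, enc)["skey"])
    enc, ticket = kdc.tgs_exchange(tgt, seal(tgt_skey, {"client": principal}), fileserver.name)
    svc_skey = bytes.fromhex(unseal(tgt_skey, enc)["skey"])
    ts = time.time()
    authenticator = seal(svc_skey, {"client": principal, "ts": ts})
    ap_rep = fileserver.accept(ticket, authenticator)
    return {"authenticated": True,
            "mutual_ok": unseal(svc_skey, ap_rep)["ts"] == ts,  # the client verifies the server too
            "replay_rejected": _rejected(lambda: fileserver.accept(ticket, authenticator))}

def demo() -> dict:
    """Constructed realm: one user and one file server whose key is shared with the KDC (its keytab)."""
    kdc = KDC("EXAMPLE.LOCAL")
    kdc.register("alice", "correct horse battery staple")
    kdc.keys["cifs/fs01"] = os.urandom(32)
    fs = Service("cifs/fs01", kdc.keys["cifs/fs01"])
    result = login_and_access(kdc, fs, "alice", "correct horse battery staple")
    result["wrong_password_rejected"] = _rejected(lambda: login_and_access(kdc, fs, "alice", "not her password"))
    return result
```

Running `demo()` returns `authenticated`, `mutual_ok`, `replay_rejected` and `wrong_password_rejected` all `True`. The two properties the text attributes to Kerberos are visible in the code: the file server's AP-REP proves it holds the service key (mutual authentication), and the replay cache refuses an authenticator it has already accepted even though the ticket itself is still valid.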



NTLM:
New Technology LAN Manager (NTLM) is a suite of protocols that provides authentication, integrity, and confidentiality within Windows systems. It uses the Message Digest (MD) hashing algorithm to challenge users and check their credentials.

LDAP:
Lightweight Directory Access Protocol specifies formats and methods for querying directories. A directory is a database of objects that provides a central access point for managing users, computers, and other directory objects.

Single Sign On (SSO):
Single Sign On refers to the ability of a user to log on to, or access, multiple systems by providing credentials only once. SSO increases security because the user only needs to remember one set of credentials and is therefore less likely to write them down. It is also much more convenient for users to access network resources if they only have to log on once.

OAuth:
OAuth is an open standard for authorization that many companies use to provide secure access to protected resources. Instead of creating a separate account for each website you use, you can often sign in with an account you have already created with Google, Facebook, PayPal, Microsoft, or Twitter.


OpenID Connect:
OpenID Connect works on top of OAuth 2.0 and allows clients to verify the identity of end users without managing their credentials. It provides identification services without requiring the application to handle the credentials itself.
