#SystemArchitecture Series: #Kerberos Architecture Component and communication flow #architecture
#Kerberos is a ticketing-based #authentication #system, based on the use of #symmetric keys. #Kerberos uses tickets to provide #authentication to resources instead of #passwords. This eliminates the threat of #password stealing via #networksniffing. One of the biggest benefits of #Kerberos is its ability to provide single sign-on (#SSO). Once you log into your #Kerberos environment, you will be automatically logged into other applications in the environment.
To help provide a secure environment, #Kerberos makes use of Mutual #Authentication. In Mutual #Authentication, both the #server and the #client must be authenticated. The client knows that the server can be trusted, and the server knows that the client can be trusted. This #authentication helps prevent man-in-the-middle attacks and #spoofing. #Kerberos is also time sensitive. The tickets in a #Kerberosenvironment must be renewed periodically or they will expire.
Kerberos is a computer network authentication protocol which works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. Its designers aimed it primarily at a client–server model and it provides mutual
authentication—both the user and the server verify each other's identity. Kerberos protocol messages
are protected against eavesdropping and replay attacks.
Network Security: Authentication Applications, Electronic Mail Security, IP Security, Web
Security, System Security: Intruders, Malicious Software, Firewalls
Kerberos is a computer network authentication protocol which works on the basis of 'tickets' to allow
nodes communicating over a non-secure network to prove their identity to one another in a secure
manner. Its designers aimed it primarily at a client–server model and it provides mutual
authentication—both the user and the server verify each other's identity. Kerberos protocol messages
are protected against eavesdropping and replay attacks.
Network Security: Authentication Applications, Electronic Mail Security, IP Security, Web
Security, System Security: Intruders, Malicious Software, Firewalls
CISSPills are short-lasting presentations covering topics to study in order to prepare CISSP exam. CISSPills is a digest of my notes and doesn't want to replace a studybook, it wants to be only just another companion for self-paced students.
Every issue covers different topics of CISSP's CCBK and the goal is addressing all the 10 domains which compose CISSP.
IN THIS ISSUE:
Domain 1: Access Control
- Identity Management
- Centralised vs Decentralised Access Control
- Directories
- Single Sign-On
- Kerberos
- Kerberos Process
- Kerberos Weaknesses
- SESAME
Deeper understanding of how Kerberos works . This understanding will work as platform to understand various attacks on it. It also show cases how symmetric key algorithm is used for confidentiality. Some references are from shaun harris CISSP books, primarily the components slide
Network Security: Authentication Applications, Electronic Mail Security, IP Security, Web
Security, System Security: Intruders, Malicious Software, Firewalls
#LibreOffice is a #free and powerful #officesuite, and a successor to #OpenOffice.org (commonly known as #OpenOffice).
Its clean interface and feature-rich tools help you unleash your #creativity and enhance your #productivity. #LibreOffice includes several applications that make it the most versatile #Free and #OpenSource office suite on the market: #Writer (#wordprocessing), Calc (#spreadsheets), Impress (presentations), #Draw (vector graphics and #flowcharts), Base (#databases), and #Math (#formula editing).
#LibreOffice is #community-driven and #developed #software, and is a project of the #nonprofit #organization, The #Document #Foundation. #LibreOffice is free and #opensource software, originally based on #OpenOffice.org (commonly known as OpenOffice), and is the most actively developed OpenOffice.org successor project.
#LibreOffice is developed by users who, just like you, believe in the principles of #FreeSoftware and in sharing their work with the world in non-restrictive ways.
This office suite can easily replace costly paid option available. If you need a good office suite which is easily and freely available you can for sure give a try and.
It has following features/components for making your work easy and cost free and vendor independent:
Writer – word processor
Calc – spreadsheet
Impress – presentations
Draw – diagrams
Base – database
Math – formula editor
Charts
Better #collaboration
#Sharingdocuments and edits with other users have been enhanced and well tracked, to make modifications more clear.
Work faster in Calc
Working with #Spreadsheet has the new #Bash-like autocompletion feature helps you to input data in a snap.
#Barcodes and borders
We can now insert #barcodes into your #documents with just a few clicks
For Full information about the release you can visit if your are interested.
https://wiki.documentfoundation.org/ReleaseNotes/7.3
If you need any help you can reach out here
https://twitter.com/libreoffice
https://blog.documentfoundation.org/
https://www.facebook.com/libreoffice.org
https://twitter.com/AskLibreOffice
What Next :
#LibreOffice 7.4 – is next major release in August, you can try installing and test it and help the developers to find if any bug or issue or need any improvement.
Let's install and explore.
We will now install it in #Ubuntu and explore this a bit
CISSPills are short-lasting presentations covering topics to study in order to prepare CISSP exam. CISSPills is a digest of my notes and doesn't want to replace a studybook, it wants to be only just another companion for self-paced students.
Every issue covers different topics of CISSP's CCBK and the goal is addressing all the 10 domains which compose CISSP.
IN THIS ISSUE:
Domain 1: Access Control
- Identity Management
- Centralised vs Decentralised Access Control
- Directories
- Single Sign-On
- Kerberos
- Kerberos Process
- Kerberos Weaknesses
- SESAME
Deeper understanding of how Kerberos works . This understanding will work as platform to understand various attacks on it. It also show cases how symmetric key algorithm is used for confidentiality. Some references are from shaun harris CISSP books, primarily the components slide
Network Security: Authentication Applications, Electronic Mail Security, IP Security, Web
Security, System Security: Intruders, Malicious Software, Firewalls
#LibreOffice is a #free and powerful #officesuite, and a successor to #OpenOffice.org (commonly known as #OpenOffice).
Its clean interface and feature-rich tools help you unleash your #creativity and enhance your #productivity. #LibreOffice includes several applications that make it the most versatile #Free and #OpenSource office suite on the market: #Writer (#wordprocessing), Calc (#spreadsheets), Impress (presentations), #Draw (vector graphics and #flowcharts), Base (#databases), and #Math (#formula editing).
#LibreOffice is #community-driven and #developed #software, and is a project of the #nonprofit #organization, The #Document #Foundation. #LibreOffice is free and #opensource software, originally based on #OpenOffice.org (commonly known as OpenOffice), and is the most actively developed OpenOffice.org successor project.
#LibreOffice is developed by users who, just like you, believe in the principles of #FreeSoftware and in sharing their work with the world in non-restrictive ways.
This office suite can easily replace costly paid option available. If you need a good office suite which is easily and freely available you can for sure give a try and.
It has following features/components for making your work easy and cost free and vendor independent:
Writer – word processor
Calc – spreadsheet
Impress – presentations
Draw – diagrams
Base – database
Math – formula editor
Charts
Better #collaboration
#Sharingdocuments and edits with other users have been enhanced and well tracked, to make modifications more clear.
Work faster in Calc
Working with #Spreadsheet has the new #Bash-like autocompletion feature helps you to input data in a snap.
#Barcodes and borders
We can now insert #barcodes into your #documents with just a few clicks
For Full information about the release you can visit if your are interested.
https://wiki.documentfoundation.org/ReleaseNotes/7.3
If you need any help you can reach out here
https://twitter.com/libreoffice
https://blog.documentfoundation.org/
https://www.facebook.com/libreoffice.org
https://twitter.com/AskLibreOffice
What Next :
#LibreOffice 7.4 – is next major release in August, you can try installing and test it and help the developers to find if any bug or issue or need any improvement.
Let's install and explore.
We will now install it in #Ubuntu and explore this a bit
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
3. 1. Kerberos is a ticketing-based authentication system, based on the use of
symmetric keys. Kerberos uses tickets to provide authentication to resources
instead of passwords. This eliminates the threat of password stealing via
network sniffing. One of the biggest benefits of Kerberos is its ability to provide
single sign-on (SSO). Once you log into your Kerberos environment, you will be
automatically logged into other applications in the environment.
2. To help provide a secure environment, Kerberos makes use of Mutual
Authentication. In Mutual Authentication, both the server and the client must be
authenticated. The client knows that the server can be trusted, and the server
knows that the client can be trusted. This authentication helps prevent man-in-
the-middle attacks and spoofing. Kerberos is also time sensitive. The tickets in a
Kerberos environment must be renewed periodically or they will expire.
About Kerberos
4. 1. Client: User/system/service which want to call another service/server. E.g : suppose want to access any resource on any service/server which is
Kerberos enabled.
2. Server
1. KDC: This is basically the Key distribution server which has following components:
1. Authentication Server : Authentication Server is the part of the KDC which replies to the initial authentication request from the client, when the
user, not yet authenticated, must enter the password. In response to an authentication request, the AS issues a special ticket known as the
Ticket Granting Ticket, or more briefly TGT, the principal associated with which is krbtgt/REALM@REALM.
2. Ticket Granting Server : Ticket Granting Server is the KDC component which distributes service tickets to clients with a valid TGT, guaranteeing
the authenticity of the identity for obtaining the requested resource on the application servers. The TGS can be considered as an application
server which provides the issuing of service tickets as a service
3. Principle Database : container for entries associated with users and services. We refer to an entry by using the principal, It contains :
1. The principal to which the entry is associated;
2. The encryption key and related kvno;
3. The maximum validity duration for a ticket associated to the principal;
4. The maximum time a ticket associated to the principal may be renewed (only Kerberos 5);
5. The attributes or flags characterizing the behavior of the tickets;
6. The password expiration date;
7. The expiration date of the principal, after which no tickets will be issued.
3. Realm : The term realm indicates an authentication administrative domain. Its intention is to establish the boundaries within which an authentication
server has the authority to authenticate a user, host or service. This does not mean that the authentication between a user and a service that they must
belong to the same realm: if the two objects are part of different realms and there is a trust relationship between them, then the authentication can take
place. This characteristic, known as Cross-Authentication
Components Terms in Kerberos
5. 1. Principal : A principal is the name used to refer to the entries in the authentication server database. A principal is associated
with each user, host or service of a given realm.
2. Ticket : A ticket is something a client presents to an application server to demonstrate the authenticity of its identity. Tickets
are issued by the authentication server and are encrypted using the secret key of the service they are intended for. Since this
key is a secret shared only between the authentication server and the server providing the service, not even the client which
requested the ticket can know it or change its contents.
3. Encryption : Kerberos often needs to encrypt and decrypt the messages (tickets and authenticators) passing between the
various participants in the authentication. It is important to note that Kerberos uses only symmetrical key encryption (in other
words the same key is used to encrypt and decrypt.
1. Kerberos 4 supports DES 56-bit
2. Kerberos 5 supports DES and AES keys with 128 and 256 bit.
4. Salt : This is a string to be concatenated to the unencrypted password before applying the string2key function to obtain the
key. Kerberos 5 uses the same principal of the user as salt: Kuser = string2key ( Puser + "user@REALM.COM" )
5. Key versions number kvno: When a user changes a password or an administrator updates the secret key for an application
server, this change is logged by advancing a counter. The current value of the counter identifying the key version, is known
as the Key Version Number or more briefly kvno.
Components Terms in Kerberos
6. Learning about Kerberos Architecture and Components
Server/Application/Service
which uses need to access
(HDFS/NFS/SSH)
Database
User id/secret key
Service id/secret key
etc
1
2
3
4
5
6
8. 1. Ticket Request from client
2. Ticket Sent from KDC
3. Service Ticket request form Client
4. Service ticket sent from KDC
5. Ticket Presented to Application Server
6. Open access channel for application to access service.
Authentication Flow
9. 1. Shashwat to KDC Hi, I’m Shashwat. Could I have access to the AuthServer?
2. AuthServer to Shashwat Here is your “ticket-granting ticket.” If you aren’t Shashwat, it’s
useless. If you are Shashwat, decrypt this, and come back with the answer.
3. Shashwat to TGS Okay, I figured out your secret. Give me a “service-granting ticket” so I can
talk to server Application_Server_OR_Service.
4. TGS to Shashwat You have it! It’s encrypted using the same mechanism as before, and then
encrypted with Application_Server_OR_Service's password. This ticket will be accepted by
Application_Server_OR_Service for eight hours.
5. Client to Application_Server_OR_Service The KDC gave me this ticket, and it is encrypted
using your password. Please Validate me.
6. Application_Server_OR_Service to Shashwat Hello, Shashwat! I’ve decrypted what you got
from the KDC, I trust the KDC, and he trusts you, so your access is granted.
Steps