
Case Study: DO YOU NEED KERBEROS?

Solaris 8 Security by Edgar Danielyan © 2020 O’Reilly Media, Inc.

Now that I have introduced Kerberos, it is time to decide whether you need it. This question is not as simple as it might seem at first glance. It’s true that Kerberos provides more secure authentication than that provided by traditional UNIX password authentication systems. But at the same time, it introduces other issues. The two most important issues are the burden of administering Kerberos (mainly, the Kerberos server) and the need for Kerberized (Kerberos-aware) software (both client and server software). So, unlike some other technologies that are appropriate in almost all cases, Kerberos is not appropriate in all circumstances. The purpose of this section is to help you decide whether your site or network needs Kerberos—that is, whether the pros of using Kerberos outweigh the cons.

In brief, you might profit from deploying Kerberos if:

- There are many users and machines on your network
- You need a single sign-on system
- You need centralized management of access
- Kerberos software is available for all your machines—clients and servers alike
- You can dedicate two secure machines, preferably on different subnets, to be Kerberos servers

In deciding whether you need Kerberos, keep in mind that other security technologies and systems (such as IPsec and Secure Shell) exist, and that they might be the correct choice in your case. Conflicts and overlaps between different technologies and software should also be considered. To illustrate these points, the following sections contain three case studies that should help you evaluate your need for Kerberos.

Case Study 1

Optimized Software Inc. is a small software development company specializing in hardware-dependent software. They have about a dozen different machines with different operating systems linked in an Ethernet network.
Some of them run proprietary operating systems and do not support Kerberos, and a few others run UNIX (including Solaris) and support Kerberos. The systems are used only for software development and testing and are not connected to any external network, including the Internet. The company has an ISDN Internet connection only from a shared Macintosh computer. Five software developers working on these systems are all professional system programmers and very often need complete access to systems to test and debug their applications. You are one of these developers and the network administrator inter alia, and your goal now is to decide whether you would benefit from Kerberos.

To see whether you need Kerberos, let’s evaluate the circumstances by answering yes or no to the previously mentioned statements:

- There are many users and machines on your network: No. A dozen machines and five developers are not “many.”
- You need a single sign-on system: No. There is no need for a single sign-on system.
- You need centralized management of access: Absolutely not.
- Kerberos software is available for all your machines—clients and servers alike: No. Only some systems have Kerberos support.
- You can dedicate two secure machines, preferably on different subnets, to be Kerberos servers: No. There are no available secure machines, much less different subnets, for use as Kerberos servers.

As you can see, it is clear that in this case Kerberos is absolutely unnecessary and would only create more problems if deployed.

Case Study 2

A research institute with a TCP/IP Local Area Network (LAN) and about 100 employees is using a homogeneous Solaris 8 network. In addition, there is an onsite remote access facility so that researchers can dial in from remote locations to access their applications and data via text-only terminals or terminal emulation. All systems are located in a secure building with an uninterruptible power supply.
The LAN is connected through a firewall and a Network Address Translation/Port Address Translation (NAT/PAT) box to the Internet. Applications are mostly from Sun Microsystems.

Would Kerberos be beneficial in this situation?

- There are many users and machines on your network: Yes.
- You need a single sign-on system: Yes. A single sign-on system will be welcomed by the staff. They will have to log in only once instead of providing a username and password every time.
- You need centralized management of access: Yes. Central management would greatly simplify network administration in this organization.
- Kerberos software is available for all your machines—clients and servers alike: Because all systems run Solaris 8, they all support Kerberos.
- You can dedicate two secure machines, preferably on different subnets, to be Kerberos servers: Two Solaris 8 machines may be dedicated to be Kerberos servers in different parts of the building. Rooms where they will be located will be under lock and key and will have motion sensors linked to the building’s security system.

In this case, Kerberos will be a welcome change in the network, providing a single sign-on facility and centralized network management.

Case Study 3

Remote Web Hosting Limited is a web hosting service provider. They employ a staff of 10, including six system administrators for managing their web and e-mail servers located at a secure co-location facility on the other end of the city. Physically the staff is located in a downtown office, linked with the co-location facility by a high-speed link running IP. They need a flexible, lightweight, secure solution for logging in to their UNIX systems (which all support Kerberos), administering them, and transferring files back and forth. Most of the time, they use the UNIX shell, but sometimes they have to launch X Windows applications remotely.
By using the criteria mentioned earlier, decide whether Kerberos is appropriate for this company and, if not, what software or technology would do the job.

- There are many users and machines on your network: No. There are only six people and few servers.
- You need a single sign-on system: No. There is no need for a single sign-on system.
- You need centralized management of access: Not necessarily.
- Kerberos software is available for all your machines—clients and servers alike: Yes.
- You can dedicate two secure machines, preferably on different subnets, to be Kerberos servers: No.

Kerberos is inappropriate in this case. The technology and software that would fit the picture, provide the required functionality, and at the same time not create unnecessary inconvenience is the Secure Shell (SSH). This will provide secure remote access in both text-only and X Windows mode, as well as secure file transfer.
