With the rise of cyber attacks, the risks for systems utilizing Active Directory (AD) are increasing. One of the significant vulnerabilities that remains is Kerberoasting, an attack that targets the protocol.
Consider a scenario where a computer (client) seeks to access a specific service, such as email, on another computer (server). To ensure that the user has the authorization to access the service, Kerberos employs a specialized component called Key Distribution Center (KDC). The KDC stores secret keys for all users and services and can issue “tickets” for access.
When a user attempts to log into the system, their computer sends a request to the KDC for a ticket. The KDC verifies the authentication data and, if everything checks out, issues a ticket. This ticket is then utilized to verify the user’s identity when interacting with the service.
One of the key strengths of Kerberos is its capability to provide mutual authentication. This means that not only does the user confirm their identity, but the service can also validate the user’s security. This system plays a crucial role in thwarting attacks where the perpetrator tries to impersonate a service.