Is Kerberos prone to Brute Force attack?

Hi, I have been to many discussion groups and was recently directed to you for this question. My question is -...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

I know this place is known for experts - so I am counting on you for the right answer.

Kerberos is vulnerable to Password guessing as it cannot detect a dictionary attack. So when we are talking about Kerberos, let me tell you some more weaknesses too:

It Provides Authentication, confidentiality and integrity, but not availability or non-repudiation (as it uses Symmetric Keys).
The KDC is a single Point of failure. If compromised, the integrity of the whole network is compromised.
Secret Keys are stored on User's Workstations. Even the session keys are stored on user?s workstations in cache or key tables.
Hope this is what you were looking for. Let me know if you need any more information.
-Puneet

Dig Deeper on Network Security Monitoring and Analysis

Old Microsoft Kerberos vulnerability gets new spotlight A new blog post detailed authentication vulnerabilities in Microsoft Kerberos that cannot be patched and could lead to attackers having free rein over systems.

Kerberos: Authentication with some drawbacks Kerberos is one of the most-widely used authentication methods today, but experts explain that it comes with some weaknesses.

Kerberos authentication for network login on non-Windows networks Windows can be configured to use Kerberos authentication for network login on non-Windows networks. Find out how in this tip.

LM de-emphasized, NTLMv2 emphasized in Vista Vista introduces a rather new but good authentication method for your network security, so says Mark Minasi. Check out this latest excerpt from his book, "Administering Windows Vista Security: The Big Surprises."

Managed passwords: Thought you knew them all? The Managed Passwords component for the Windows XP and 2003 servers can allow access to remote resources on systems that aren't part of your default domain, a useful tool if you administer computers or servers remotely.

Related Q&A from Puneet Mehta

Where can I find Puneet Mehta's most recent network security advice?

To view network security expert Puneet Mehta's latest advice, see his Public Profile on the IT Knowledge Exchange: https://... Continue Reading

How do VPN concentrators and network access servers (NAS) differ?

Find out if there's a difference between a virtual private network (VPN) concentrator and a network access server (NAS) in this explanation from our ... Continue Reading

What keeps unauthorized users from accessing my IP address/Internet?

Our network security expert explains how to keep unauthorized users from accessing your router's IP address for Internet access in this advice ... Continue Reading

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

Please create a username to comment.

Zoom Chat update takes vendor further beyond video

Enhancing communications with a UC-contact center integration

Cisco cries foul over security flaw in Zoom Connector

Compare Intune alternatives to Intune for mobility management

Deploy kiosk devices with the Managed Home Screen Android app

New Outlook features appeal to users on the go

Top 4 open source automation tools for admins

U.S. facility may have best data center PUE

Increase efficiency with data center temperature monitoring

4 SD-WAN vendors integrate with AWS Transit Gateway

Intel partner marketplace to drive ecosystem collaboration

Desktop-as-a-service combo targets channel via Ingram Micro

Dig Deeper on Network Security Monitoring and Analysis

Related Q&A from Puneet Mehta

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.