Saturday, June 19, 2010

Advantages of Kerberos over NTLM

As you may know, prior to Windows 2000, NTLM was the primary authentication protocol in Windows Server; from Windows 2000 onwards, Microsoft made Kerberos the native authentication protocol.

The Kerberos protocol is not only an industry standard but also offers numerous advantages over NTLM, some of which include:
  • Mutual Authentication - Not only can clients authenticate to a server, but the client can also request that the server authenticate itself to the client. This helps enhance security by ensuring that clients authenticate themselves to genuine servers.

  • Faster Authentication - The use of TGTs substantially enhances the speed with which authentication can take place in distributed systems, and this facilitates more efficient and secure network access across the enterprise.

  • Support for Delegation - Kerberos enables security delegation, which essentially allows a server to impersonate a client when accessing remote resources, and this helps provide trustworthy security in multi-tier application scenarios.

  • Support for PKI Integration - Through the Kerberos PKINIT extension, Kerberos provides support for smartcard logons, and this substantially enhances security because it obviates the need for passwords, allowing the use of smart cards instead.

All in all, Kerberos makes Windows Server powerful enough to provide enterprise-grade distributed security, and today its use is ubiquitous across the world.
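The mutual authentication described in the list above, as a simplified model added here (it is not code from the original post): the server can only answer the client's challenge if it holds the service key needed to open the ticket. The function names, the principal name and the toy SHA-256/HMAC cipher are assumptions made for illustration; real Kerberos uses its own encryption types and also enforces clock-skew and replay checks, which are omitted.

```python
import hashlib, hmac, json, os, time

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 in counter mode (assumed stand-in for a real Kerberos etype).
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed: wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(service_key, client):
    # KDC side: wrap a fresh session key in a ticket only the real service can open.
    session_key = os.urandom(32)
    ticket = seal(service_key, {"client": client, "session_key": session_key.hex()})
    return session_key, ticket

def client_ap_req(session_key, client, ticket):
    # Client side: present the ticket plus an authenticator sealed under the session key.
    ctime = time.time_ns() // 1000
    authenticator = seal(session_key, {"client": client, "ctime": ctime})
    return ctime, {"ticket": ticket, "authenticator": authenticator}

def server_ap_rep(service_key, ap_req):
    # Server side: authenticate the client, then prove itself by echoing ctime.
    tkt = unseal(service_key, ap_req["ticket"])
    sk = bytes.fromhex(tkt["session_key"])
    auth = unseal(sk, ap_req["authenticator"])
    if auth["client"] != tkt["client"]:
        raise ValueError("authenticator does not match ticket")
    return seal(sk, {"ctime": auth["ctime"]})

def client_verify(session_key, ctime, ap_rep):
    # Client side: accept the server only if the reply opens under the session key.
    try:
        return unseal(session_key, ap_rep)["ctime"] == ctime
    except ValueError:
        return False
```

A server holding the wrong service key fails inside `server_ap_rep`, and any reply it fabricates under another key makes `client_verify` return `False`.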

Wednesday, May 12, 2010

Kerberos Authentication in Windows Server based IT Infrastructures

If you're reading this blog, you probably know what Kerberos is. (It is the native authentication protocol used in Microsoft Windows Server based IT infrastructures and it facilitates distributed security in these IT infrastructures.)

In fact, without Kerberos authentication, single-sign-on would largely not be possible in a Windows Server based environment, and the thousands of distributed security accesses that organizational employees engage in every day, whether sending email, navigating to an intranet portal or accessing a file on a server, would largely be much harder and certainly not seamless.

In this blog, I plan to take a look at numerous vital aspects of Kerberos, so IT admins can better understand its importance, identify how to configure and manage it, and learn about some cool tips and tricks that could optimize performance and enhance security.

Should you have any questions, you can leave your question via a comment.

Thanks,
Aaron