Kerberos and LDAP

Question 1

How does Kerberos help prevent MitM and replay attacks?

Answer 1

With mutual authentication and time synchronization (or expiration) with tickets

Question 2

In which environments is Kerberos used?

Answer 2

Unix and Windows AD

Question 3

Which part in Kerberos issues ticket-granting-tickets and other tickets?

Answer 3

The Key Distribution Center (KDC) or TGT server

Question 4

In Kerberos, why is time synchronization important?

Answer 4

In Kerberos, systems must be synchronized within five minutes of each other in order to timestamp tickets to ensure that they expire correctly.

This helps prevent a replay attack, as an attacker has a limited amount of time to use a ticket.

Question 5

How does a user in Kerberos receive a resource ticket?

Answer 5

The user uses his/her ticket-granting-ticket to receive a ticket to access each resource.

Question 6

What is the function of LDAP?

Answer 6

Lightweight Directory Access Protocol specifies formats and methods to query directories.

Question 7

If an object is identified as “CN=Users,” or “DC=GetCertifiedGetAhead,” which protocol are you using?

Answer 7

LDAP

Question 8

You need to secure LDAP transmissions. Which protocol do you use?

Answer 8

Secure LDAP (establishes connections with TLS)

Question 9

Which LDAP standard is current?

Answer 9

LDAPv3

Question 10

LDAPv2 uses which transport encryption protocol? Which one does LDAPv3 use?

Answer 10

LDAPv2 uses SSL, LDAPv3 uses TLS.