
    Kerberos is a computer network authentication protocol used for service requests over an untrusted network like the internet. It is the default authentication protocol used by Microsoft Windows and is also used in implementations of Linux, Apple OS, UNIX, and FreeBSD.

    Using a mechanism that combines cryptography and third-party authentication applications, the protocol makes it difficult for cybercriminals to penetrate or hack the network. Developed by the Massachusetts Institute of Technology (MIT), Kerberos’s security has made it the go-to network authenticator for websites over different platforms due to its proficiency at preventing eavesdropping on network traffic by bad actors.


    How does Kerberos work?

    To enable two parties to exchange private information across an otherwise open network, Kerberos assigns a unique key, called a ticket, to each user that logs on to the network. The ticket is then embedded in messages to identify the sender of the message. The protocol’s core components include the client, server, key distribution center (KDC), authentication service (AS), and ticket-granting server (TGS). The client is the user that initiates the communication for the service request. The service that is being requested by the user is hosted on the server. The client authentication is performed by the AS, which issues the ticket through the TGS if the client is successfully authenticated. The KDC is used to house the database, AS, and TGS.
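The exchange between client, AS, TGS and server described above, as an added Python simulation that is not part of the original page. It follows the standard Kerberos flow in simplified form and goes beyond the page's description by showing session keys and authenticators; the principals (alice, fileserver), the password and the toy SHA-256/HMAC cipher standing in for real Kerberos encryption types are assumptions made for illustration.

```python
import hashlib, hmac, json, os, time

def _ks(key, nonce, n):  # SHA-256 counter keystream (toy cipher, not a Kerberos etype)
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(n // 32 + 1))

def seal(key, obj):  # encrypt-then-MAC a JSON message under `key`
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _ks(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct)))))

def pw_key(password, user):  # long-term client key derived from the password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 10_000)

# KDC database (constructed sample principals): long-term keys shared with the KDC
KDC_DB = {"alice": pw_key("correct horse", "alice"),
          "krbtgt": os.urandom(32), "fileserver": os.urandom(32)}

def issue(server_key, client, reply_key, ttl):
    """Mint a session key: one copy in a ticket only the server can open, one for the client."""
    sk = os.urandom(32).hex()
    ticket = seal(server_key, {"client": client, "key": sk, "exp": time.time() + ttl})
    return seal(reply_key, {"key": sk}), ticket

def open_ticket(server_key, ticket, authenticator):
    """Server side: decrypt the ticket, then check the authenticator sealed with its session key."""
    t = unseal(server_key, ticket)
    a = unseal(bytes.fromhex(t["key"]), authenticator)
    if a["client"] != t["client"] or t["exp"] < time.time():
        raise ValueError("authenticator mismatch or expired ticket")
    return t

def as_exchange(user):  # AS: the password itself never crosses the network
    return issue(KDC_DB["krbtgt"], user, KDC_DB[user], 600)
def tgs_exchange(tgt, authenticator, service):  # TGS: ticket-granting ticket in, service ticket out
    t = open_ticket(KDC_DB["krbtgt"], tgt, authenticator)
    return issue(KDC_DB[service], t["client"], bytes.fromhex(t["key"]), 300)

def login(user, password, service):
    enc, tgt = as_exchange(user)
    k1 = bytes.fromhex(unseal(pw_key(password, user), enc)["key"])  # fails on a wrong password
    enc2, ticket = tgs_exchange(tgt, seal(k1, {"client": user}), service)
    k2 = bytes.fromhex(unseal(k1, enc2)["key"])
    return open_ticket(KDC_DB[service], ticket, seal(k2, {"client": user}))["client"]
```

Calling `login("alice", "correct horse", "fileserver")` returns the authenticated client name; a wrong password or a modified ticket raises `ValueError` because the sealed message no longer verifies.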

    What are the benefits for business?

    Kerberos has become the leading network authentication protocol for businesses as it offers several benefits. One of its key advantages is a proven track record of success in a variety of different applications. With its strong encryption mechanism, hackers have an extremely difficult time infiltrating the network. Another key benefit for businesses is that Kerberos excels in the security of single sign-on (SSO), which is highly common in a connected workplace. Businesses can invest in Kerberos knowing that it is here to stay, as there are no real contenders or technologies in the market to replace Kerberos.

    How safe is Kerberos?

    No security protocol is 100% safe, and even Kerberos is vulnerable to a cyberattack. The popularity and longevity of Kerberos make it a common target for hackers, who have tried different methods to infiltrate the network. Some hackers have tried to forge tickets and make repeated attempts to break passwords. Despite the unwavering efforts of hackers, Kerberos remains an excellent security protocol for networks. In addition, common-sense security strategies like micro-segmentation and zero trust are critical steps IT professionals implement to secure network traffic between clients and servers.

    What does Kerberos mean?

    The name is derived from Cerberus, the three-headed dog in Greek mythology who guards the entrance to the underworld. In the case of the security protocol, the “three heads” refer to the client, server, and the key distribution center (KDC).