[1677] in Kerberos
Re: Kerberos and Trojan Horses
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Wed Dec 18 17:58:44 1991
From: jon@MIT.EDU (Jon A. Rochlis)
To: barnett@crdgw1.ge.com
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of 18 Dec 91 18:54:54 +0000.
Date: Wed, 18 Dec 91 15:14:39 GMT
Kerberos is a network security system. It does not address host trojan
horse issues. That's not to say that such issues are unimportant, just
that they are "beyond the scope" of the threats Kerberos is designed
to meet. Kerberos is intended to build a secure path through an
insecure network for two peers (who can verify each other's identity) to
communicate.
As far as I can figure, the only protection is to
a) prevent someone from becoming root on the workstation.
We don't feel this is really practical. All the schemes for doing so
create more problems. If somebody has physical access to a machine
you've got problems.
b) rebooting the workstation when you walk up to it, and
downloading the software from a server.
c) walking around with a disk containing "trusted" software.
Some people around here have been known to do both of these things. But
you're just trusting that the boot ROMs haven't been switched. Only
a couple of people do this and then not too often.
While we could have trojan horse programs, we haven't had problems of
this variety.
It seems possible to capture a large number of passwords in a short
period of time. Has this been attempted?
The biggest point I want to make is that this has *nothing* to do with
Kerberos. If you let more than one person use a workstation (even in
a serial fashion) then you are at risk. You were at risk before
Kerberos and you're at risk after Kerberos.
-- Jon