Exam CISSP
Question 458

A security architect is implementing an authentication system for a distributed network of servers. This network will be accessed by users on workstations that cannot trust the identity of the user. Which solution should the security architect use to have the users trust one another?

Correct Answer: B

Kerberos is a network authentication protocol that provides mutual authentication between clients and servers in a distributed network. It achieves this by using secret-key cryptography, which involves a trusted third party known as the Key Distribution Center (KDC). By issuing tickets that users and services must present to authenticate each other, Kerberos helps ensure that both parties in a communication session are indeed who they claim to be. This system inherently builds trust among users in a distributed network by verifying identities before granting access.
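The ticket exchange described above, as an added example that is not part of the original page: a single-step KDC (no separate TGT/TGS phase) issues a ticket, the service checks the client's authenticator, and the client checks the service's reply. The `seal`/`unseal` cipher is a toy stand-in for real Kerberos encryption types, and the principal names, keys and timestamps are constructed for illustration.

```python
import hashlib, hmac, json, os

def seal(key, obj):
    # Toy authenticated encryption standing in for Kerberos' real enctypes.
    nonce, data = os.urandom(16), json.dumps(obj).encode()
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    stream = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, stream)))

# Constructed long-term secrets, each shared only between one principal and the KDC.
KEYS = {"alice": os.urandom(32), "fileserver": os.urandom(32)}

def kdc_issue(client, service):
    session = os.urandom(32).hex()  # fresh session key, wrapped once per party
    for_client = seal(KEYS[client], {"service": service, "session": session})
    ticket = seal(KEYS[service], {"client": client, "session": session})
    return for_client, ticket

def client_request(client, client_key, for_client, ts):
    session = bytes.fromhex(unseal(client_key, for_client)["session"])
    return session, seal(session, {"type": "authenticator", "client": client, "ts": ts})

def service_accept(service_key, ticket, authenticator, now, max_skew=300):
    t = unseal(service_key, ticket)          # only the real service can open this
    session = bytes.fromhex(t["session"])
    a = unseal(session, authenticator)       # proves the client holds the session key
    if a.get("type") != "authenticator" or a["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["ts"]) > max_skew:
        raise ValueError("stale authenticator")
    # Reply echoes the client's timestamp under the session key: server-to-client proof.
    return t["client"], seal(session, {"type": "reply", "ts": a["ts"]})

def client_verify(session, reply, ts):
    # The type check stops an attacker reflecting the client's own authenticator back.
    r = unseal(session, reply)
    return r.get("type") == "reply" and r["ts"] == ts

def demo():
    for_client, ticket = kdc_issue("alice", "fileserver")
    session, auth = client_request("alice", KEYS["alice"], for_client, ts=1000)
    who, reply = service_accept(KEYS["fileserver"], ticket, auth, now=1002)
    return who, client_verify(session, reply, 1000)
```

Neither side ever sends its long-term key: the client trusts the service because only the holder of the service key could have recovered the session key from the ticket and produced the reply.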

Discussion
yottabyte Option: C

Mutual authentication should be used for communication between servers and workstations if the user identity cannot be trusted. For example: Mutual authentication is authentication between servers and workstations with the help of a CA and certificates issued for workstations. If the workstations are used by multiple staff, then the workstation should be verified by checking the certificate on the workstation. If trust should be established through the workstation for a user, then it could be via single-session software tokens by MFA, but this question is about trust between server and workstation.

jackdryan

C is correct

Rollingalx Option: B

I go with B. Kerberos is a network authentication protocol that provides mutual authentication between clients and servers in a distributed network.

Rollingalx

I rectify, the correct answer is C. The question is about the user trust.

Skittle4710 Option: B

Answer should be B, Kerberos... C. Mutual authentication is the concept where both parties in a communication session verify each other's identities, which is indeed crucial for ensuring trust between users in a distributed network. B. Kerberos specifically implements mutual authentication among its features. Therefore, while mutual authentication (C) is the principle, Kerberos (B) is the practical implementation of that principle.

hoho2000 Option: B

I don't understand what I just read, the last statement says, "Which solution should the security architect use to have the users trust one another?". Does this mean how to get users to trust each other instead of users trusting the servers??? If it's the latter, B should be more correct as B uses methods in C as well which contains public key exchange.

gjimenezf Option: C

Users trust one another: Mutual authentication

Soleandheel Option: C

C. Mutual authentication

Mutual authentication, also known as two-way authentication, is a security mechanism in which both the server and the client (users in this case) authenticate each other. This means that not only does the server verify the identity of the user (workstation), but the user (workstation) also verifies the identity of the server. This mutual trust helps ensure that both parties are legitimate and can trust each other.

cyber_master Option: B

B Kerberos is the answer