The site philosophy can be expressed as fail open / fail closed / fail safe /
fail deadly...
From: Brent Kimberley
Sent: Wednesday, March 13, 2024 5:41:58 PM
To: Simo Sorce ; Yoann Gini ; Ken
Hornstein
Cc: kerberos@mit.edu
Subject: RE: Looking for a "Kerberos
To the best of my knowledge, all IPv6 ports should be closed by design and only
opened if/when approved.
-Original Message-
From: Kerberos On Behalf Of Simo Sorce
Sent: Wednesday, March 13, 2024 4:48 PM
To: Yoann Gini ; Ken Hornstein
Cc: kerberos@mit.edu
Subject: Re: Looking for a
[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protoco
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-kkdcp/5bcebb8d-b747-4ee5-9453-428aec1c5c38?source=recommendations
1 Introduction
The Kerberos Key Distribution Center (KDC) Proxy Protocol (KKDCP) is used by an
A message queue is typically a better way to synchronize a cluster.
The bonus is that you can track adds, deletes, and modifies via historian.
Anchors in Relative Time!?
-Original Message-
From: Kerberos On Behalf Of Ken Hornstein via
Kerberos
Sent: Monday, March 4, 2024 10:56
Correction:
- Physical systems tend to wear out + fail spectacularly.
- Cyber systems tend to fail silently + inconveniently.
- CPS systems tend to wear out + fail spectacularly + fail silently +
inconveniently (case in point: Colonial Pipeline).
The purpose of said tools is to evaluate & maintain
The purpose of non-destructive testing is to validate form/fit/function -
across the entire operational mission/ asset lifecycle/ whatever - contrasted
with the STIG/CIS benchmark which throws the real problems "over the wall" to
Ken H.
Using the outputs, the lifecycle manager constructs their
At higher levels it falls under "Non Destructive testing".
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:12 PM
To: 'kerberos@mit.edu' ; 'k...@cmf.nrl.navy.mil'
Subject: RE: Protocol benchmarking / auditing inquiry
This approach is taught in first year engineering.
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:10 PM
To: kerberos@mit.edu; k...@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry
Ken.
The term Frame of Reference is a Cyber Physical system (CPS) term.
For those who work in the cyber subset, the term is "interface".
Regardless of what you call it.
You take the system diagram and evaluate using each major interface or Frame of
Reference.
The STIG or CIS benchmark is just
Minor comment: the CIS Benchmark appears to have been written from the system
administrator's frame of reference - not the network frame of reference (FoR).
Typically, each frame of reference (FoR) needs to be audited. Hence the need
for automation.
-Original Message-
From: Christopher
To the best of my knowledge, Krb5i provides integrity whereas Krb5p provides
confidentiality, integrity, and replay protection.
"Walk tool" finding could map to a radar chart.
In other news, Matthew Palko plans to modernize authentication.
Hi Christopher.
Yes. You are correct. Peer reviewed installation readiness documents like the
CIS MIT benchmark are a good "first step."
I was asking for pointers to the rest of the lifecycle suite - specifically "walk".
Crawl
=
Installation readiness documents
e.g., CIS MIT Kerberos
Preferably something smaller and more focused than nmap or OpenSCAP.
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 12:44 PM
To: kerberos@mit.edu
Subject: Protocol benchmarking / auditing inquiry
Hi.
Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
For example, SSH:
Manual
Read the RFCs and specs.
Semi-automatic.
jtesta/ssh-audit: SSH server & client security
auditing