Ehlo.
On Wed, Feb 14, 2024 at 05:43:47PM +, Brent Kimberley via Kerberos wrote:
> Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
A short while ago I submitted a PR[1] for the Lynis project that does
something like that. I also started documenting some of my own
tain asset health - over time.
(PDCA)
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:49 PM
To: kerberos@mit.edu; k...@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry
The purpose of non-destructive testing is to validate form/fit/func
. This approach and it's benefits
are very well documented and might even be applicable to Navy C4ISR.
To tie a bow on this thread:
How can we make Kerberos safe?
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:19 PM
To: kerberos@mit.edu; k...@
>This approach is taught in first year engineering.
Geez dude, no need to drag me; I'll be the first one to admit that I'm old
and don't know everything! Back in my day our curriculums didn't cover
any computer security topics at all.
But I stand by my original statements: I, personally, have
At higher levels it falls under "Non Destructive testing".
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:12 PM
To: 'kerberos@mit.edu' ; 'k...@cmf.nrl.navy.mil'
Subject: RE: Protocol benchmarking / auditing inquiry
This approach is taught in
This approach is taught in first year engineering.
-Original Message-
From: Brent Kimberley
Sent: Thursday, February 15, 2024 12:10 PM
To: kerberos@mit.edu; k...@cmf.nrl.navy.mil
Subject: RE: Protocol benchmarking / auditing inquiry
Ken.
The term Frame of Reference is a Cyber Physical
r.
--Ken
-Original Message-
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 3:24 PM
To: Christopher D. Clausen ; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry
Minor comment the CIS Benchmark appears to have been written from the system
administrator's
>Minor comment the CIS Benchmark appears to have been written from the
>system administrator's frame of reference - not the network frame of
>reference (FoR). Typically, each frame of reference (FoR) needs to be
>audited. Hence the need for automation.
I can only say this:
- I've been doing
D. Clausen
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley ; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry
[You don't often get email from cclau...@acm.org. Learn why this is important
at https://aka.ms/LearnAboutSenderIdentification ]
I have used
/windows-it-pro-blog/the-evolution-of-windows-authentication/ba-p/3926848
-Original Message-
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 2:20 PM
To: Christopher D. Clausen ; kerberos@mit.edu
Subject: RE: Protocol benchmarking / auditing inquiry
Hi Christopher.
Yes. You are
==
A focused service.
-Original Message-
From: Christopher D. Clausen
Sent: Wednesday, February 14, 2024 2:10 PM
To: Brent Kimberley ; kerberos@mit.edu
Subject: Re: Protocol benchmarking / auditing inquiry
[You don't often get email from cclau...@acm.org. Learn why this is importan
ley
Sent: Wednesday, February 14, 2024 12:44 PM
To: kerberos@mit.edu
Subject: Protocol benchmarking / auditing inquiry
Hi.
Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
For example, SSH:
Manual
Read the RFCs and sp
Preferably something smaller and more focused than nmap or OpenSCAP.
From: Brent Kimberley
Sent: Wednesday, February 14, 2024 12:44 PM
To: kerberos@mit.edu
Subject: Protocol benchmarking / auditing inquiry
Hi.
Can anyone point me to some methods to benchmark and/or audit Kerberos v5
Hi.
Can anyone point me to some methods to benchmark and/or audit Kerberos v5?
For example, SSH:
Manual
Read the RFCs and specs.
Semi-automatic.
jtesta/ssh-audit: SSH server & client security
auditing
14 matches
Mail list logo
