What does kerberos actually encrypt in AD

Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
in MCSA / MCSE on Windows 2012 General
With regards to kerberos, i know the whole procedure of granting tickets with the TGS and TGT's but i'm actually still left wondering...

What kerbrous actually encrypts besides using tickets for services. Does it encrypt a whole users session or DC replication?

Where do i activate the feature in group policy to use kerberos?? I'm still not sure

There are options in the accounts section of a user to use kerbrous 128bit, they're unchecked though by default. Is this for encrypting a users session
· Share on FacebookShare on Twitter

Comments

  • OctalDumpOctalDump Member Posts: 1,722
    IT encrypts only the Kerberos traffics. You can use Kerberos as part of initiating IPSec tunnels. Kerberos handles the "who are you, what can you do" and other systems then take care of the rest. Kerberos basically determines whether the two systems will trust each other to talk, but not whether when they talk that it is encrypted or how.

    What data is encrypted, and how, usually depends largely on the application itself. Many applications will use TLS/SSL to create that secure session tunnel. A lot more traffic will just be unencrypted. If you want all net traffic encrypted, then IPSec is the way to go.
    2017 Goals - Something Cisco, Something Linux, Agile PM
    · Share on FacebookShare on Twitter
  • iBrokeITiBrokeIT Member Posts: 1,318 ■■■■■■■■■□
    Great videos explaining the Kerberos Authentication process:

    https://www.cybrary.it/video/access-control-part-2-1/
    https://www.cybrary.it/video/access-control-part-2-2/
    2019: GPEN | GCFE | GXPN | GICSP | CySA+ 
    2020: GCIP | GCIA 
    2021: GRID | GDSA | Pentest+ 
    2022: GMON | GDAT
    2023: GREM  | GSE | GCFA

    WGU BS IT-NA | SANS Grad Cert: PT&EH | SANS Grad Cert: ICS Security | SANS Grad Cert: Cyber Defense Ops SANS Grad Cert: Incident Response
    · Share on FacebookShare on Twitter
  • Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
    iBrokeIT wrote: »
    Great videos explaining the Kerberos Authentication process:

    https://www.cybrary.it/video/access-control-part-2-1/
    https://www.cybrary.it/video/access-control-part-2-2/

    You have to be a registered member to watch those unfortunately! Assuming there are fees attached to?
    · Share on FacebookShare on Twitter
  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    "Lucky for you membership is FREE at Cybrary IT...forever."
    · Share on FacebookShare on Twitter
  • NetworkNewbNetworkNewb Member Posts: 3,298 ■■■■■■■■■□
    Robbo777 wrote: »
    You have to be a registered member to watch those unfortunately! Assuming there are fees attached to?

    Assumption, the mother of all...
    · Share on FacebookShare on Twitter
  • Robbo777Robbo777 Member Posts: 331 ■■■□□□□□□□
    Haha, true! But its usually the case with sites like that. Thats where the instinctive dreaded assumption came in.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.