Crushing the Security+

Cheryl Abram
2 min read · Sep 16, 2022

A friend asked for assistance with understanding the answers to questions 2 and 3. See below for what I shared and use this method to quickly understand concepts and ideas for CompTIA Security+ and other cybersecurity exams.

The method I used is to type a concept into Google along with another concept that I clearly understand. For this, I typed in, “Kerberos and Time”.

Source: Wikipedia

#2 Kerberos

Kerberos authentication uses time stamps as part of its protocol. When the clocks of the Kerberos server and your computer are too far out of synchronization, you cannot authenticate properly. Both the Kerberos server and the Kerberos client depend on having clocks that are synchronized within a certain margin. This margin is normally 5 minutes.

The Date and Time on a machine running Microsoft Windows will need to be “accurately” set. If the date or time is off “too far”, Kerberos authentication will not work.

CHAP and PAP differ in several ways, most notably in that CHAP is more secure than PAP.

#3 CHAP

The Challenge-Handshake Authentication Protocol (CHAP) is an identity-checking protocol that periodically re-authenticates the user during an online session. Properly implemented, CHAP is replay-attack resistant and far more secure than the Password Authentication Protocol (PAP).

CHAP does not rely on transmitting shared secrets between the service and the party requesting access. It does depend on the establishment of a shared secret; however, to access a service, the person requesting access and the service conduct a cryptographic exchange, or “handshake”. Subsequent challenges are then sent from the service to the already-connected party allowing

Example: “Replay attacks haven’t been an issue lately. Our Point-to-Point Protocol (PPP) servers are using CHAP intermittently, so hackers are unable to mimic legitimate requests.” https://www.youtube.com/watch?v=Pq6x_aVaLc4
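To make the handshake concrete, here is an added example (not from the original post or any CHAP implementation) that walks both sides of a CHAP exchange in Python: the service issues a fresh random challenge, the peer answers with MD5(identifier || secret || challenge) as RFC 1994 defines, the service verifies without the secret ever crossing the wire, re-challenges periodically, and a replayed response fails because the challenge has changed. The shared secret and the class names are constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed shared secret; both ends hold it out of band, it is never sent.
SHARED_SECRET = b"example-secret"


def chap_response(identifier, secret, challenge):
    """RFC 1994 Response: MD5(Identifier || secret || Challenge-Value)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator side: issues challenges and verifies responses."""

    def __init__(self, secret):
        self.secret = secret
        self.identifier = 0
        self.outstanding = None  # challenge currently awaiting a response

    def challenge(self):
        self.identifier = (self.identifier + 1) % 256  # new id per challenge
        self.outstanding = os.urandom(16)  # fresh, unpredictable value
        return self.identifier, self.outstanding

    def verify(self, identifier, response):
        if self.outstanding is None or identifier != self.identifier:
            return False
        expected = chap_response(identifier, self.secret, self.outstanding)
        self.outstanding = None  # each challenge accepts exactly one answer
        return hmac.compare_digest(expected, response)


class ChapPeer:
    """Party requesting access: proves knowledge of the secret per challenge."""

    def __init__(self, secret):
        self.secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self.secret, challenge)


def run_session(server, peer, rounds=3):
    """Initial authentication plus periodic re-challenges; one result per round."""
    results = []
    for _ in range(rounds):
        ident, chal = server.challenge()
        results.append(server.verify(ident, peer.respond(ident, chal)))
    return results


def replay_attempt(server, peer):
    """Capture one valid response, then present it again to the next challenge."""
    ident, chal = server.challenge()
    captured = peer.respond(ident, chal)
    first_ok = server.verify(ident, captured)
    next_ident, _ = server.challenge()
    return first_ok, server.verify(next_ident, captured)  # replay is rejected
```

A peer holding the wrong secret fails every round, which is the check a PPP server would log as a failed CHAP authentication.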
