Archive for January, 2009

Kerberos and Active Directory

Thursday, January 15th, 2009 by hartmans

The Kerberos Consortium, Padl Software, Interisle and Painless Security have been working on adding support for various Active Directory features into MIT Kerberos’s upcoming 1.7 release. I think this project will bring a lot of much needed functionality to MIT Kerberos, and will support the use of Kerberos as a tool in other larger systems.

The project has brought together a lot of players: it wouldn’t have been possible without the efforts of Microsoft, Samba, Novell and several others I’m probably forgetting. It’s great to see such an interest in interoperability that all these parties can work together.

For me, it has been a different approach. I’m used to doing a fair bit of design work up front, understanding what is being delivered, and then working on the code. For a variety of reasons we took a different approach here. Every morning I’d wake up to a new chunk of code to review, evaluate and present to the Kerberos development community. I’d describe the design of the code in order to seek comments and if changes were justified, we’d work to make them. For much of the project, code was coming in faster than I could evaluate it. This meant it was a high-stress and exhilarating project. In other words, it was great fun!

There’s one thing that worries me about this focus on Active Directory. Sure, everyone needs to work with Microsoft. First, it is a market reality. Secondly, Microsoft has brought some great innovative thinking to the realm of network security and we should all take advantage of it. However, it seems that most of the players are only focused on supporting Microsoft features and are ceding the entire space to Microsoft. No one else is working on open standards for expressing authorization. The entire PAC structure, how entities are named, how they belong to groups and how this all interacts in a directory is defined by Microsoft. As a result, Microsoft is in a position to add new technology. However with the current approaches, no one else has this ability. That means, Microsoft will always be one step ahead.

I think it is important that we all look at how we can embrace and extend Microsoft technology, while maintaining the ability to work together and to work with Microsoft. Doing this is going to require a lot of work but is essential for the continued innovation of network security.

Ignoring Security makes it Better

Thursday, January 15th, 2009 by hartmans

The past few months have been busy, although there hasn’t been a lot of things that it made sense to blog about. I’ve been working on something Kerberos related which I will discuss shortly and a couple of requirement analysis/design projects. It is enjoyable to get back into designing new products; it has been a while since I’ve gotten to focus on that.

The other day, I was trying to send some financial information to my accountant. I didn’t want to send it unencrypted, so I gave him an HTTPS URI to a website I set up with the information. He ran into trouble downloading the file: it took a long time and was corrupted on receipt. As best I can tell, there is something wrong with his networking or firewall.

He suggested that I upload the information to a “secure” FTP site. I looked at the FTP server; as best I can tell, it doesn’t support TLS, SSL or any other form of encryption. I think it may be secure in that it is identified by an IP address rather than a hostname and that it is used for sensitive information.

By this point, we were getting fairly frustrated. His IT staff had spent significant time on the issue at a very busy time of year for accounting firms. I’m a small client. I was investigating the email path between us, wondering if I should just give up on privacy and send the information unencrypted. I noticed that the mail server supported STARTTLS, a mechanism for transporting mail encrypted between two systems. I checked; the email I had been sending to him was actually encrypted. Obviously, there are differences in the security guarantees you get by sending something encrypted between your computer and the next hop with a hop-by-hop protocol like SMTP and those you get with an end-to-end encrypted TLS connection for a website. Of course you also don’t know how information is handled once it is received or how reasonable it is to trust the receiving system. Still, hop-by-hop encrypted email was good enough for my purposes.
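The check described above, whether each SMTP hop on the way to the recipient actually used STARTTLS, can be made by reading the Received: headers of a message that has already arrived, since each relay records the protocol it accepted the message with (RFC 3848 registers ESMTPS and ESMTPSA for TLS-protected sessions, and Postfix additionally notes the TLS version and cipher). The following is an added example, not code from the post; the three Received: headers are constructed in Postfix style with placeholder .test hostnames, and the parser assumes that the headers are written in that conventional "from ... by ... with ..." form.

```python
import re
from typing import Dict, List

# Constructed sample headers for this example (not a real message): three
# Received: lines as Postfix-style MTAs write them, newest hop first.
SAMPLE_HEADERS = (
    "Received: from mx.accountant.test (mx.accountant.test [192.0.2.10])\n"
    "\tby mail.accountant.test (Postfix) with ESMTPS id 4Fz3Kt\n"
    "\tfor <bob@accountant.test>; Wed, 14 Jan 2009 10:12:33 -0500\n"
    "Received: from smtp.client.test (smtp.client.test [198.51.100.5])\n"
    "\tby mx.accountant.test (Postfix) with ESMTPS\n"
    "\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n"
    "\tfor <bob@accountant.test>; Wed, 14 Jan 2009 10:12:31 -0500\n"
    "Received: from laptop.client.test (laptop.client.test [203.0.113.7])\n"
    "\tby smtp.client.test (Postfix) with ESMTP id 3Aq9Zx\n"
    "\tfor <bob@accountant.test>; Wed, 14 Jan 2009 10:12:30 -0500\n"
)

# RFC 3848 "with" protocol names that mean the session ran under TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "SMTPS"}


def unfold_received(raw: str) -> List[str]:
    """Return the value of each Received: header with its folded continuation lines joined."""
    hops: List[str] = []
    for line in raw.splitlines():
        if line.startswith((" ", "\t")):
            if hops:
                hops[-1] += " " + line.strip()
        elif line.lower().startswith("received:"):
            hops.append(line.split(":", 1)[1].strip())
    return hops


def parse_hop(value: str) -> Dict[str, object]:
    """Extract sending host, receiving host, protocol token and any TLS details from one hop."""
    from_m = re.search(r"\bfrom\s+(\S+)", value)
    by_m = re.search(r"\bby\s+(\S+)", value)
    with_m = re.search(r"\bwith\s+(\S+)", value)
    # Postfix appends "(using TLSv1 with cipher NAME (bits))" when TLS was negotiated.
    tls_m = re.search(r"using\s+(TLSv\S+|SSLv\S+)\s+with\s+cipher\s+(\S+)", value)
    protocol = with_m.group(1).upper() if with_m else ""
    return {
        "from": from_m.group(1) if from_m else "?",
        "by": by_m.group(1) if by_m else "?",
        "protocol": protocol,
        "encrypted": protocol in TLS_PROTOCOLS or tls_m is not None,
        "tls_version": tls_m.group(1) if tls_m else None,
        "cipher": tls_m.group(2) if tls_m else None,
    }


def audit_path(raw: str) -> List[Dict[str, object]]:
    """Hops in delivery order (oldest first), each flagged as encrypted or not."""
    return [parse_hop(h) for h in reversed(unfold_received(raw))]


def unencrypted_hops(raw: str) -> List[str]:
    """Readable list of the hops that were not protected by TLS."""
    return [f"{h['from']} -> {h['by']}" for h in audit_path(raw) if not h["encrypted"]]


if __name__ == "__main__":
    for hop in audit_path(SAMPLE_HEADERS):
        status = "TLS" if hop["encrypted"] else "PLAIN"
        extra = f" ({hop['tls_version']}, {hop['cipher']})" if hop["cipher"] else ""
        print(f"{status:5} {hop['from']} -> {hop['by']} via {hop['protocol']}{extra}")
    print("unencrypted hops:", unencrypted_hops(SAMPLE_HEADERS))
```

In the constructed sample the first hop (laptop to the client's own submission server) is plain ESMTP, which is exactly the kind of gap this audit surfaces. Two caveats apply when running it on real mail: a Received: header is only as trustworthy as the relay that wrote it, so hops recorded by servers you do not control can be forged or omitted, and, as the post says, a clean TLS chain says nothing about how the recipient stores the message once it lands.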

I like this story because it’s one of those cases where security and usability align. By not thinking about security at all, I would have achieved protections that were adequate to my task. It’s great to be reminded that with today’s software that does happen. However it also illustrates the disconnect between actual security and the perception of security. Had I taken the extra steps of using the FTP site, most people would have viewed that as steps designed to better protect my sensitive information. However, as far as I can tell, it would have had the opposite effect. And, of course, we’re reminded that even when we expect a solution to be usable (like my HTTPS website), it may turn out not to be. As security engineers it is very easy to make assumptions about the usability of our work and hard to get it right without testing.