Addressing Kerberos Weaknesses and Enhancing Access Control Support

A.

Secure European System for Applications in a Multi-vendor Environment (SESAME) was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys and provides additional access control support.

ISC OIG Second Edition, Access Controls, Page 111

The correct answer is A. SESAME.

SESAME (Secure European System for Applications in a Multi-vendor Environment) is a security protocol that was developed to address some of the weaknesses in Kerberos, which is a widely used authentication protocol. SESAME uses public key cryptography to distribute secret keys and provides additional access control support.

Kerberos is vulnerable to certain types of attacks, such as replay attacks and dictionary attacks, which SESAME was designed to address. SESAME uses public key cryptography to distribute secret keys, which makes it more resistant to attacks than Kerberos. In addition, SESAME provides additional access control support, which allows for more granular control over access to resources.

RADIUS (Remote Authentication Dial-In User Service) and TACACS+ (Terminal Access Controller Access-Control System Plus) are also authentication protocols, but they were not developed to address weaknesses in Kerberos. RADIUS is typically used for remote access authentication, while TACACS+ is used for network device authentication.

KryptoKnight is not an authentication protocol or a security protocol. It is a fictional superhero from the DC Comics universe.

In summary, SESAME was developed to address some of the weaknesses in Kerberos and uses public key cryptography for the distribution of secret keys, making it more resistant to attacks. It also provides additional access control support, allowing for more granular control over access to resources.