Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) unde

from [Daniel Miessler] Network Security [Permanent Link]
Subject: Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows"
Date: Sun, 30 Oct 2005 05:17:54 -0500 

On Sep 24, 2005, at 4:11 PM, Thor (Hammer of God) wrote:

Rather than getting into how the basic client-server authentication netlogon protocols are vastly different than IPSec channels, please just answer one of the following questions. I'll try to make them very simple.

Scenario: You've got an XP Pro laptop on the Windows network logged on with local credentials. A network resource on a Win2k server somewhere is accessed, requiring new credentials be entered to access the resource. Please tell us exactly how you force the client and server to use "IPSec based auth" to authenticate the request as opposed to LM, NTLM, or NTLMv2. 

Here, let me try:

The issue here is simple: we're trying to authenticate to a Windows system, and IPSEC "authentication" is used to authenticate IPSEC peers, not Windows users. An analogy would be a situation in which authentication is needed for both a secret road to get to work, and then also to enter the building at work. The road authentication doesn't necessarily work for the building. ;)

--
Daniel R. Miessler
M: daniel@dmiessler.com
W: http://dmiessler.com
G: 0x316BC712




Attachment: PGP.sig
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: MSFT Bans insecure hashes - was"Passwords with Lan Manager (LM) under Windows", Daniel Miessler <=
Previous by Date:  RE: distributed scanning, Talisker
Next by Date:  Insecure Hash Algorithms (MD5) and NTLMv2, Daniel Miessler
Previous by Thread:  [Full-disclosure] Security, Hacking & Social Engineering Presentation., Emmanuel Goldstein
Next by Thread:  Insecure Hash Algorithms (MD5) and NTLMv2, Daniel Miessler
Indexes:  [Date] [Thread] [Top] [All Lists]