Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ADS Password Storage Protection

from [Eoin Miller] Network Security [Permanent Link]
Subject: Re: ADS Password Storage Protection
Date: Mon, 17 Jul 2006 13:39:49 -0400
rolando_ruiz@jetaviation.com wrote: 
I'm looking for best practice ways of protecting access to password
storage in Active Directory. I have some immediate questions:

Where exactly are passwords kept?
Are these passwords kept in plain text?
How can I protect these passwords from being hacked? (Encryption,
restrictions, etc...)

Thank you in advanced 

________________________________

Jet Aviation Holdings, Inc.
Rolando Ruiz


---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: 

http://www.sensepost.com/training.html
---------------------------------------------------------------------------

You will want to ensure that passwords are not stored using reversible encryption (by default they are not). This is generally only required if you are configuring a RADIUS server that will use CHAP for authentication. More information on reversible encryption settings for Windows password policies can be found here:

http://technet2.microsoft.com/WindowsServer/en/Library/eeff044c-d4a8-4699-a4b8-c5e563118c931033.mspx?mfr=true

I would also review the Windows Server 2003 Security guide starting around page 33. That is where they begin discussing password policy. It is available here:

http://www.nsa.gov/snac/os/win2003/MSCG-001R-2003.pdf

--Eoin

---------------------------------------------------------------------------
This list is sponsored by: SensePost

Hacking, like any art, will take years of dedicated study and practice to master. We can't teach you to hack. But we can teach you what we've learned so far. Our courses are honest, real, technical and practical. SensePost willl be at Black Hat Vegas in July. To see what we're about, visit us at: 

http://www.sensepost.com/training.html
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Windows EFS and Changing a Local Account Password, Thomas D.
Next by Date:  Security Awareness, razk
Previous by Thread:  Re: ADS Password Storage Protection, Neil
Next by Thread:  Re: RE: ADS Password Storage Protection, winshel
Indexes:  [Date] [Thread] [Top] [All Lists]