systems by disabling LM authentication

 Requiring your users to use complex passwords and enforcing that policy is useless if you authenticate and locally store easily cracked password files.


By default, Windows NT, 2000, and XP locally store legacy LAN Manager (LM) password hashes (LANMAN hashes). LM uses a weak encryption scheme to store passwords, and hackers can usually crack it in a very short period of time.

Windows stores LM hashes in the Security Account Manager (SAM) database. By default, clients have LAN Manager authentication enabled, and servers accept this authentication.

This allows workstations to send weak LM hashes across the network, making Windows authentication vulnerable to packet sniffing and reducing the amount of effort an attacker must expend to crack user passwords.

To disable this ability and better secure your workstations, follow these steps:


  1. Go to Start | Run, and enter Regedit.
  2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\ control\LSA.
  3. Find the LMCompatibilityLevel value.

Comments

Post a Comment

Popular posts from this blog

Bridging Network importance in cyber operations

  There are several ways to hook up individual computers into a network. One is to use hardware routers to link up the network segments. If you buy hardware bridges, those will also connect the computers with each other. In Windows XP, simply clicking the "Bridge Connections" icon joins parts of a network together, even if the parts use different media to link their segments. Advantages Using a router or a hardware bridge requires buying more equipment to connect your computers. With a wireless router, each computer and network segment needs its own Internet Protocol (IP) address in order to direct data to the right computer. Both methods may require an IT professional or experienced amateur to connect everything properly. With Windows XP, building a bridging connection requires just a few clicks of your mouse in the right places. Bridging To make a bridge, you must log in as an administrator on your network or your computer. Click the computer's "Control Panel,"
Read more

Open Systems Interconnection

Different communication requirements necessitate different network solutions, and these different network protocols can create significant problems of compatibility when networks are interconnected with one another. In order to overcome some of these interconnection problems, the open systems interconnection (OSI) was approved in 1983 as an international standard for communications architecture by the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT). The OSI model, as shown in the figure, consists of seven layers, each of which is selected to perform a well-defined function at a different level of abstraction. The bottom three layers provide for the timely and correct transfer of data, and the top four ensure that arriving data are recognizable and useful. While all seven layers are usually necessary at each user location, only the bottom three are normally employed at a network node, since nodes are conc
Read more

How to Improve your Windows Deployment Strategy

  Computers in the enterprise world require being up-to-date. This means IT teams need to be able to have a solid OS deployment plan for all the employees. With so many scenarios, it’s important that the plan be flexible as well as functional. Luckily, Microsoft offers many options of deployment to help cater for the wide range of scenarios. This post will briefly discuss the comparison between some of traditional deployment methods: WDS, MDT, SCCM. WDS Windows Deployment Services is a feature installed on Windows Server OS that gives the capability to push a Windows OS image to a computer. It’s a good foundation to have set up to start your deployment methods. This option has the quickest initial setup to get up and running but does require more manual configuration when it comes to building the OS image to your liking. MDT Microsoft Deployment Toolkit takes WDS take it to one big step further from WDS. It actually requires WDS to work but implements Lite Touch Installation. This woul
Read more