Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.

Windows 7: Don't count on Kerberos to thwart pass-the-hash attacks

27 Apr 2010   #1

Win 7 Ultimate 64-bit. SP1.
Don't count on Kerberos to thwart pass-the-hash attacks

The Kerberos authentication protocol has plenty of benefits but offers little defense against pass-the-hash attacks.

Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LANManager, NTLM, or NTLMv2 was an effective defense. It's a good question, one that I considered as I was writing last week's post. Reader Christopher Hallenbeck made some especially good arguments for it, and I've reconsidered my original stance on discussing the subject.

Invented at MIT, Kerberos is an open authentication protocol used on a variety of computer systems. Kerberos systems pass cryptographic key-protected authentication "tickets" between participating services. The password hashes are neither sent nor stored, so they can't be captured and reused as easily.

Kerberos is the default authentication protocol implemented in Windows 2000. More recent operating systems use Kerberos to connect to Windows 2000 and to later network Kerberos-protected resources and services. In most of today's Windows networks, Kerberos authentication is widespread. Kerberos has the potential to reduce pass-the-hash risk, but not nearly as much as one would initially think.
Don't count on Kerberos to thwart pass-the-hash attacks | Security Central - InfoWorld

My System SpecsSystem Spec


 Don't count on Kerberos to thwart pass-the-hash attacks

Thread Tools

Similar help and support threads for2: Don't count on Kerberos to thwart pass-the-hash attacks
Thread Forum
Microsoft to ship emergency IE patch to thwart active attacks Security News
Ubuntu Fixes Kerberos Bug With New Packages Security News
How to thwart the new DLL hijacks News
Intercepting pass-the-hash attacks. Security News
Kerberos Authentication to UNIX from Windows 7 OS System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 07:22 PM.
Twitter Facebook Google+

Windows 7 Forums

Seven Forums Android App Seven Forums IOS App

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33