Windows Authentication - PowerPoint PPT Presentation

1 / 9
About This Presentation
Title:

Windows Authentication

Description:

Title: Team Information Author: Charles Moen Last modified by: Wenqun Created Date: 2/2/2003 1:01:54 AM Document presentation format: On-screen Show – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 10
Provided by: Charle733
Category:

less

Transcript and Presenter's Notes

Title: Windows Authentication


1
Windows Authentication
  • Wenqun Li
  • Mach 24, 2004

2
Description
  • Most forms of user authentication rely on user
    supplied passwords.
  • Properly authenticated access is often not
    logged.
  • A compromised password offers the attacker an
    opportunity to access a system from inside
    virtually undetected.
  • Account with bad or empty passwords are extremely
    common,

3
The most common password vulnerabilities
  • User accounts with weak or nonexistent passwords
  • Fail to protect passwords
  • Administrative accounts with weak or nonexistent
    passwords
  • Password hashing algorithms are known

4
Three Windows Authentication Algorithms
  • LM (least secure, most compatible)
  • NLM
  • NTLMv2 (most secure, least compatible)

5
Weakness of LM Hashes
  • Passwords are truncated to 14 characters.
  • Passwords are padded with spaces to become 14
    characters.
  • Passwords are converted to all upper case
    characters.
  • Passwords are split into two seven character
    pieces.

6
Operation Systems Affected
  • All microsoft windows operating systems.
  • An example CVE-0222
  • The installation for Windows 2000 does not
    activate the administrator password until the
    system has rebooted, which allows remote
    attackers to connect to the ADMIN share without
    a password until the reboot occurs.

7
How to Protect Against It
  • Assure that passwords are consistently strong
  • Protect strong passwords
  • Tightly control accounts
  • Maintain strong password policy for the
    enterprise.
  • Disable LM authentication across the network.
  • Prevent the LM hash from being stored
  • Prevent password hashes and SAM database from be
    being copied.

8
Bibliographic Reference
  1. http//www.sans.org/top20/w3
  2. http//www.cve.mitre.org/cgi-bin/cvename.cgi?name
    CVE-2000-0222

9
Thank You
Any Questions???
Write a Comment
User Comments (0)
About PowerShow.com