NTLM V1 and V2 Differentiation Against Kerberos | CalCom Software


Kerberos, NTLMv1 and NTLMv2 are three different authentication protocols. These protocols seek to improve security, especially in the Active Directory environment. Authentication protocols are widely abused in attack techniques, where they can help intruders gain access and escalate privileges. It is therefore important to choose the most trustworthy protocol and to be aware of its shortcomings.



Comparing NTLM v1 and v2 with Kerberos shows that NTLMv1 is the oldest of the three. NTLMv2 offers a few minor security-enhancing upgrades. The authentication process using Kerberos is significantly more complex and more secure.

Authentication of NTLMv1

NTLM was made by Microsoft. Both current and vintage Windows versions are compatible with it (Windows 95, Windows 98, Windows ME, NT 4.0).

  • The NTLM authentication protocol uses a challenge-response mechanism.

  • A user logs on to a client computer using a domain name, username, and password.

  • The client computer uses cryptography to create an NT or LM hash of the password.

  • The client computer sends the username in plain text to the desired server.

  • The targeted server generates a 16-byte random number, the challenge, and delivers it to the client machine.

  • The client machine responds to the challenge by sending the user's password hash.

  • The server sends the username, challenge, and response to the domain controller (DC).

  • The DC asks the Security Account Manager for the hash of the user password using the username.

  • The DC encrypts the challenge.

  • The DC compares the challenge it has encrypted with the client's encrypted response. If they match exactly, the authentication is accepted.

Authentication of NTLMv2

Although NTLM v2 differs from NTLM v1 in two ways, the overall structure remains the same:

1. The client includes a timestamp while transmitting the username to the server (stage 3).
2. The targeted server generates a variable-length challenge (as an alternative to the 16-byte challenge).

These modifications aid in relay attack mitigation. But since NTLMv2 still uses the same authentication technique, it can still be vulnerable to other NTLMv1 problems.

NTLM only allows one-way authentication from the client to the server using the challenge-response mechanism. This lessens NTLM security because the client could unintentionally authenticate to a fake server.

Authentication of Kerberos

The Kerberos protocol is free and open-source software. It is supported on newer versions of Windows (Windows 2000, Windows XP, and later).

The Kerberos authentication procedure is more complex than NTLM. Kerberos uses mutual authentication and supports two-factor authentication. It uses tickets and a token to verify the client.

NTLM v1 and v2 vs Kerberos

A feature-by-feature comparison of NTLM v1 and v2 against Kerberos:

Security: Bad for NTLM v1, better for NTLM v2, and ideal for Kerberos, since no passwords are stored or sent over the network.

Performance: NTLM v1 and NTLM v2 both have slower authentication, whereas Kerberos has faster authentication.

Delegation Support: While Kerberos enables delegation of authentication and impersonation, NTLM v1 and NTLM v2 only support impersonation.

Multi-Factor Verification – Smart Cards: NTLM v1 and NTLM v2 do not support them; Kerberos, on the other hand, does.

Cryptography: NTLM v1 and NTLM v2 both support symmetric cryptography, while Kerberos supports both asymmetric and symmetric cryptography.

Trusted third party: KDC, DC (and Windows Enterprise Certification Authority in Kerberos PKINIT) for Kerberos, and DC for NTLM v1 and NTLM v2.

Mutual authentication: NTLM v1 and NTLM v2 do not support it, but Kerberos does.

Conclusion

Instances where NTLM is still in use can be challenging to find. For this reason, it is recommended to automate this operation. A hardening solution will notify you of any instances where NTLM is being used, as well as any instances where you can disable NTLM and use only Kerberos without causing any harm. Additionally, it will put your policy into practise in the real working environment to ensure that everything is set up correctly. Finally, it will monitor any setting drifts and make the necessary corrections to keep you secure and compliant.
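
As an added example (not part of the original post and not CalCom's own tooling), the script below shows one way to automate finding NTLM use: it reads Windows Security logon events (Event ID 4624) exported as XML and classifies each one by its AuthenticationPackageName and LmPackageName fields. The sample events, user names and host names are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def make_event(user, package, lm_package, host, event_id="4624"):
    """Build a constructed sample event holding only the fields the audit reads."""
    fields = {"TargetUserName": user, "AuthenticationPackageName": package,
              "LmPackageName": lm_package, "WorkstationName": host}
    data = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in fields.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f"</System><EventData>{data}</EventData></Event>")

# Constructed sample data, not real log output.
SAMPLE_EVENTS = [
    make_event("alice", "Kerberos", "-", "-"),
    make_event("bob", "NTLM", "NTLM V2", "WS-FINANCE"),
    make_event("svc_scan", "NTLM", "NTLM V1", "OLD-PRINTER"),
    make_event("carol", "Kerberos", "-", "-"),
    make_event("alice", "Kerberos", "-", "-", event_id="4634"),  # logoff, ignored
]

def classify(event_xml):
    """Return (protocol, user, host) for a 4624 logon event, else None."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.iterfind("e:EventData/e:Data", NS)}
    lm = data.get("LmPackageName", "")
    # LmPackageName names the NTLM version; it is "-" for non-NTLM logons.
    if lm == "NTLM V1":
        protocol = "NTLMv1"
    elif lm == "NTLM V2":
        protocol = "NTLMv2"
    elif data.get("AuthenticationPackageName") == "Kerberos":
        protocol = "Kerberos"
    else:
        protocol = "other"
    return protocol, data.get("TargetUserName", ""), data.get("WorkstationName", "")

def audit(events):
    """Count logons per protocol and list the (user, host) pairs still using NTLMv1."""
    counts, ntlm_v1 = Counter(), []
    for event_xml in events:
        result = classify(event_xml)
        if result is None:
            continue
        counts[result[0]] += 1
        if result[0] == "NTLMv1":
            ntlm_v1.append(result[1:])
    return counts, ntlm_v1

if __name__ == "__main__":
    counts, ntlm_v1 = audit(SAMPLE_EVENTS)
    print(dict(counts), ntlm_v1)
```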

