Presentation is loading. Please wait.

Presentation is loading. Please wait.

Experience with NTLM v2 on Win2K in NT 4.0 Domain Myung Bang Jefferson Lab Hepix-HepNT 2000 October 31, 2000.

Published byBrandi Hardgrave Modified over 9 years ago

Similar presentations

Presentation on theme: "Experience with NTLM v2 on Win2K in NT 4.0 Domain Myung Bang Jefferson Lab Hepix-HepNT 2000 October 31, 2000."— Presentation transcript:

1 Experience with NTLM v2 on Win2K in NT 4.0 Domain Myung Bang Jefferson Lab Hepix-HepNT 2000 October 31, 2000

2 2 Authentication Protocols NT uses 3 different authentication protocols –Lan Manager (LM) Hash –NTLM –NTLM v2

3 3 Explanation of Auth. Protocols LanMan Hash –Introduced for backward compatibility (Win95, Win 3x, DOS and OS2) –Uses a Challenge/Response mechanism –Algorithm allows passwords to be attacked in 7 character chunks

4 4 Explanation of Auth. Protocols (cont.) NTLM –Improves security for connection between NT Clients and Servers –Supports Session Security mechanism for message confidentiality (encryption) and Integrity (signing) –Takes advantage of all 14 characters in the password and allows lower case letters –The key-space for password-derived key is 56 bits.

5 5 Explanation of Auth. Protocols (cont.) NTLM v2 –Most improved version of NTLM on both authentication and session security mechanism –Available from Service Pack 4 or later –Enhanced implementation of NTLM Security Service Provider (SSP) –Allows clients and servers to require the negotiation of message confidentiality, message integrity, 128 bit encryption and NTLM v2 session security –The key space for password-derived key is 128 bits

6 6 Goal Get rid of LanMan Hash and NTLM from the network All clients using the same authentication, NTLM v2 –All Clients, LM Compatibility Level 3 –All member servers, LM Compatibility Level 3 –All Domain Controllers, LM Compatibility Level 5

7 7 Definition of Levels 0 - Sends LM and NTLM response; never use NTLMv2 session security. Clients will use LM and NTLM authentication, and never use NTLMv2 session security. Domain controllers will accept LM, NTLM and NTLMv2 authentication. 1 - Uses NTLMv2 session security if negotiated. Clients will use LM and NTLM authentication, and use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM and NTLMv2 authentication. –Bug: according to the documentation, Level 1 still sends the LM response in place of NTLM when possible. 2 - Sends NTLM response only. Clients will only use NTLM authentication, and uses NTLMv2 session security if the server supports it. Domain controller accepts LM, NTLM and NTLMv2 authentication.

8 8 Definition of Levels (Cont.) 3 - Send NTLMv2 response only. Clients will use NTLMv2 authentication, use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM and NTLMv2 authentication. 4 - Domain controller refuses LM responses. Clients will use NTLMv2 authentication, and use NTLMv2 session security if the server supports it. Domain controller refuses LM authentication (instead, it accepts NTLM and NTLMv2). 5 - Domain controller refuses LM and NTLM responses (accepts only NTLMv2). Clients will use NTLMv2 authentication, use NTLMv2 session security if the server supports it. Domain controller refuses NTLM and LM authentication (accepts only NTLMv2).

9 9 Summary of Definition Levels Protocols 012345 LM**** ****** NTLM**** **** ****** NTLM v2 * ***** ****** Clients - Send * Domain Controllers - Receive *

10 10 Requirements for using NTLM2 Windows NT 4.0 –Service Pack 4 or better Windows 2000 –Windows 2000 High Encryption Pack Win 9x –Patch from Windows 2000 CD called Dsclient.exe (per Article ID: Q239869) All Systems need to modify their Registry Settings

11 11 NTLM v2 Registry setting - Clients HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\LS A –Value Name: LMCompatibilityLevel –Data Type: REG_DWORD –Value: 3 HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\LS A\MSV1_0 –Value Name:NtlmMinClientSec –Data Type: REG_DWORD –Value: 20080030 –Value Name:NtlmMinServerSec –Data Type: REG_DWORD –Value: 20080030

12 12 NTLM v2 Registry setting - DCs HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control –Value Name: LMCompatibilityLevel –Data Type: REG_DWORD –Value: 5 HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\LS A\MSV1_0 –Value Name:NtlmMinClientSec –Data Type: REG_DWORD –Value: 20080030 –Value Name:NtlmMinServerSec –Data Type: REG_DWORD –Value: 20080030

13 13 NTLM Security Service Provider (SSP) NtlmMinClientSec and NtlmMinServerSec 0x00000010- Message integrity 0x00000020- Message confidentiality 0x00080000- NTLM 2 session security 0x20000000- 128-bit encryption 0x80000000- 56-bit encryption Total: 20080030

14 14 Consideration of using NTLM2 During the installation of new clients, they can not join the domain because they are still in the Service Pack 1 If you are using the Wipe & Load installation and source of setup files are in the domain, DOS client can not connect to the source files.

15 15 NTLM v2 Testing Results All DCs LMCompatibility Level 5 (Accepts NTLM v2 only) All Clients (Win 9x, NT 4.0 SP6a, Win2K) with LMCompatibility Level 3 Results: –Win 9x: authenticated and access all servers –NT 4.0: authenticated and access all servers –Win2K: authenticated but can not access any servers

16 16 NTLM v2 Testing Results (cont.) DC LevelWin2K LevelResults 00, 1, 2Auth. to DC & access to svrs 03Auth. to DC & No access to svrs 40, 1, 2Auth. to DC & access to svrs 43Auth. to DC & No access to svrs 50, 2No Auth. 51, 3Auth. to DC & No access to svrs

17 17 Summary If you are using NT 4.0 Domain controllers with mix of Windows (9x, NT and Win2K) machines, you can not use pure NTLM v2. –Microsoft is aware of this problem and working on patches (NTBUGTRAQ report on 9/29/00) In Windows NT 4.0 Domain (levels that work) –All DCs, LMCompatibilityLevel 4 –All Win 9x and NT, LMCompatibilityLevel 3 –All Win2K, LMCompatibilityLevel 2

18 18 Point to ponder When all clients are in LMCompatibilityLevel 3 (NTLM v2): –NT to NT: authenticated –9x to NT: authenticated –NT to Win2K: authenticated –Win2K to NT: No access –NetApp File Server Version 5.36R1P1 (Vendor said their product can not talk NTLM v2) but NT and 9x with Level 3 can gain access when Win2k can not. Now, whose bug is it? Is it a NT or Win2K bug?

19 19 Conclusion Security is one of the top priorities in any Computing environment. We need to do whatever we can do to make our environment more secure. If you are in mixed environment like Jefferson Lab, the least you should do is get rid of LanMan Hash until Microsoft solves Win2K with NTLM v2 problem.

Download ppt "Experience with NTLM v2 on Win2K in NT 4.0 Domain Myung Bang Jefferson Lab Hepix-HepNT 2000 October 31, 2000."

Similar presentations

Preparing for Installation Reviewing the list of tasks Working with DNS Recording information Backing up files Uncompressing the drive Disabling disk mirroring.

Preparing for Installation Reviewing the list of tasks Working with DNS Recording information Backing up files Uncompressing the drive Disabling disk mirroring.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
1 MD5 Cracking One way hash. Used in online passwords and file verification.

1 MD5 Cracking One way hash. Used in online passwords and file verification.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar. 2007 Amit Golander.

Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol 6 Mar Amit Golander.
Security in Wireless LAN 802.11 Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.

Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.

Samba Integrating SMB file systems with UNIX. Samba Provides a file server compatible with Windows 9x and NT.. SMB Can function in NETBIOS name browsing.
Ariel Eizenberg arielez@cs.huji.ac.il PPP Security Features Ariel Eizenberg arielez@cs.huji.ac.il.

Ariel Eizenberg PPP Security Features Ariel Eizenberg
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.

Remote Desktop Security Raghav Chawla, Jon Ussery Group 20.
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
Masud Hasan 03-60-475 Secure Email Project 1. Secure Email It uses Digital Certificate combined with S/MIME capable email clients to digitally sign and.

Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Windows Security Mechanisms Al Bento - University of Baltimore.

Windows Security Mechanisms Al Bento - University of Baltimore.
Real Security InterSwyft Technical information's.

Real Security InterSwyft Technical information's.
MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.
Samba

Samba
Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.

Understanding Integrated Authentication in IIS Chris Adams IIS Supportability Lead Microsoft Corp.
Slide Master Layout Useful for revisions and projector test  First-level bullet  Second levels  Third level  Fourth level  Fifth level  Drop body.

Slide Master Layout Useful for revisions and projector test  First-level bullet  Second levels  Third level  Fourth level  Fifth level  Drop body.
WARNING! Sample chapter -Materials in this sample chapter is selected advanced penetration from https://training.zdresearch.com https://training.zdresearch.com.

WARNING! Sample chapter -Materials in this sample chapter is selected advanced penetration from

Similar presentations

Ads by Google