Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2024

Kerberos v5 Authentication

Kerberos stands as the default authentication protocol facilitating secure service requests between trusted devices within a network. It has been an integral component of Windows Active Directory (AD) environments since the era of Windows 2000. When a user logs into their computer, Kerberos undertakes mutual authentication, ensuring both the user and the server validate their identities.

System Cryptography: A Beginner's Guide

In today’s digitally interconnected world, where data flows freely across networks and devices, ensuring its security is paramount. This is where system cryptography steps in, offering a suite of tools and techniques to safeguard sensitive information from prying eyes and malicious actors. Let’s delve deeper into the realm of system cryptography, exploring its intricacies and significance in modern computing.

Kerberos Ticket and Authentication in Active Directory

Many ask, what is Kerberos? Kerberos is an authentication protocol. It is designed for client-server applications and requires mutual verification. It is the default protocol used for logging into a Windows machine that is part of a domain, relies on a secure communication channel between the client and the Domain Controller (DC). Windows updates address security concerns such as vulnerabilities in this channel, ensuring that the user database stored on the DC is protected.

Ensure LAPS AdmPwd GPO Extension / CSE is installed

The Windows Local Administrator Password Solution ( Windows LAPS) is a built-in Windows feature designed to seamlessly handle and safeguard the password for a local administrator account on devices joined to either Microsoft Enterprise or Windows Server Active Directory domains. Additionally, Windows LAPS can be utilized to automatically manage and secure the Directory Services Restore Mode (DSRM) account password on Windows Server Active Directory domain controllers.

Windows Update Result in Memory Leak and Domain Controllers Crashing

Windows administrators have cautioned that after applying the KB5035855 and KB5035857 updates, released as part of March 2024 Patch Tuesday for Windows Server 2016 and Windows Server 2022, domain controllers running the updated versions of Windows Server may experience crashes and reboots. Affected servers are freezing and rebooting stemming from a memory leak in the Local Security Authority Subsystem Service (LSASS), leading to continually increasing memory usage over time.

How LDAP is used in Active Directory

The primary protocol employed within Microsoft’s Active Directory(AD) is Lightweight Directory Access Protocol (LDAP). While LDAP serves as a fundamental component in AD, its application extends beyond, enabling user authentication in various tools and client environments. This includes Red Hat Directory Servers on UNIX systems and OpenLDAP, an open-source application used on Windows platforms.

LDAP Authentication, Configuration and Security Hardening - Signing, Binding and Configuring

Lightweight Directory Access Process (LDAP) serves as a user authentication mechanism tailored for directory services. This protocol is commonly employed by applications to retrieve resource data such as user profiles and various system elements. LDAP enables the identification of a client’s attributes with servers such as Active Directory, OpenLDAP, and Open DJ. Introduced in 1993, LDAP version 3 has been the Internet standard for directory services since 1997.

Access This Computer From the Network - Best Practices for DC and Member Servers

This policy enables users on the network to establish connections with the computer, and it’s necessary for several network protocols such as Server Message Block (SMB), NetBIOS, Common Internet File System (CIFS), and Component Object Model Plus (COM+).

Disable IPv6

Internet Protocol version 6 (IPv6) is a network layer protocol that facilitates communication across the internet by assigning unique IP addresses to each device for identification and location purposes. With the onset of the digital era in the 1990s, the limitations of IPv4 addresses in accommodating the escalating demand became evident. Consequently, the Internet Engineering Task Force (IETF) embarked on developing the next-generation internet protocol, leading to the emergence of IPv6.

Kubernetes Hardening Guide

Kubernetes, also referred to as k8s or “kubes,” stands as a portable, extensible, open-source container orchestration platform designed for managing containerized workloads and services. Initially developed by Google based on its internal systems Borg and later Omega, Kubernetes was introduced as an open-source project in 2014 and subsequently donated to the Cloud Native Computing Foundation (CNCF).

How to Prevent Brute Force Attacks

A brute-force attack is a trial-and-error method hackers use to guess login information, and encryption keys, or find hidden web pages. In a brute force attack, an attacker tries as many combinations as possible, systematically incrementing through all possibilities until the correct password is discovered. This can be done manually, but it is usually automated using specialized software tools designed for this purpose.

Windows NT Lan Manager Hardening Best Practices

Windows New Technology LAN Manager (NTLM) is an outdated challenge-response authentication protocol developed by Microsoft. Despite being surpassed by Kerberos, NTLM remains in use as a form of Single Sign-On (SSO), allowing users to authenticate to applications without directly providing their passwords.

LAN Manager authentication level best practices

LAN Manager (LM) authentication level is a security setting that determines how Windows systems authenticate network connections. It is a legacy authentication protocol developed by Microsoft for use in older versions of Windows network operations. There are three main protocols involved in LAN Manager Authentication: The LAN Manager Authentication Level setting allows you to choose which protocols your system will use or accept for authentication.