All communications between different devices happen using a specific protocol.
One such authentication protocol is NTLM.
NTLM is an old technology originally introduced with Windows NT 3.1.

This is verified using your credentials, of course.
Before NTLM, there was another authentication protocol known as LM.
That, of course, was even weaker than NTLM.

With NTLM, Microsoft initially released NTLMv1, then improved its security and released NTLMv2.
Both of these are insufficient to counter modern threats.
This is why it is wise to monitor this technology and block it from being used at all.

This is to counter any compatibility issues.
However, even this approach is not secure by modern standards.
This can be done on both Windows Servers as well as Windows client OS.

In addition, it shows NTLM authentication requests to domain controllers.
Moreover, the policy also offers different options that are discussed in the following steps.
Now select one of the following options from the drop-down menu:
Click Apply and Ok.
Monitor NTLM using PowerShell
NTLM traffic logs can be checked using PowerShell as well.
However, you will still need to initiate the Group Policy as discussed above.
These events will have the event ID 4624.
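As an added example (not code from the original article), the following PowerShell pulls the NTLM logons out of event ID 4624 records and shows which accounts and hosts still use NTLMv1 or NTLMv2. The function names `Get-NtlmLogon` and `New-SampleEvent` are hypothetical, and the sample records (domain, users, hosts, addresses) are constructed so the block runs without access to a Security log.

```powershell
# Added example: list NTLM logons found in event ID 4624 records.
function Get-NtlmLogon {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($x in $EventXml) {
        $e = ([xml]$x).Event
        if ($e.System['EventID'].InnerText -ne '4624') { continue }
        $d = @{}   # EventData field name -> value
        foreach ($n in $e.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.InnerText }
        if ($d['AuthenticationPackageName'] -ne 'NTLM') { continue }  # skip Kerberos etc.
        [pscustomobject]@{
            User        = '{0}\{1}' -f $d['TargetDomainName'], $d['TargetUserName']
            Workstation = $d['WorkstationName']
            SourceIp    = $d['IpAddress']
            NtlmVersion = $d['LmPackageName']   # "NTLM V1" or "NTLM V2"
            LogonType   = $d['LogonType']
        }
    }
}

# Constructed sample records, trimmed to the fields used above.
function New-SampleEvent($pkg, $lm, $user, $ws, $ip) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID></System>
 <EventData>
  <Data Name="TargetUserName">$user</Data><Data Name="TargetDomainName">CONTOSO</Data>
  <Data Name="LogonType">3</Data><Data Name="AuthenticationPackageName">$pkg</Data>
  <Data Name="WorkstationName">$ws</Data><Data Name="LmPackageName">$lm</Data>
  <Data Name="IpAddress">$ip</Data>
 </EventData>
</Event>
"@
}
$sample = @(
    New-SampleEvent 'NTLM' 'NTLM V1' 'svc-scan' 'PRINT01' '10.0.0.21'
    New-SampleEvent 'NTLM' 'NTLM V2' 'alice' 'WS-114' '10.0.0.57'
    New-SampleEvent 'Kerberos' '-' 'bob' '-' '10.0.0.60'
)
# Only the two NTLM records are returned; the Kerberos logon is filtered out.
Get-NtlmLogon -EventXml $sample | Sort-Object NtlmVersion | Format-Table -AutoSize

# Live use on a Windows host (elevated session, reads the Security log):
# $xp = "*[System[EventID=4624] and EventData[Data[@Name='AuthenticationPackageName']='NTLM']]"
# Get-NtlmLogon -EventXml (Get-WinEvent -LogName Security -FilterXPath $xp -MaxEvents 500 |
#     ForEach-Object { $_.ToXml() })
```

Rows reporting `NTLM V1` are the ones to remediate first, since they identify the clients and accounts that would break soonest under a stricter NTLM policy.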
These are all the methods to find out and monitor which apps are using the NTLM protocol.
Let us now see how to disable/block NTLM authentication on your domain.
However, this will block all authentication that uses the NTLM protocol.
The NTLM authentication protocol is one such example.
It is only there to ensure that the apps that are still using this technology continue to work.
Otherwise, it has no security significance in today's world.
source: www.itechtics.com