Kerberos and NTLM Security Vulnerabilities

  1. Mitigation and Hardening Strategies
    1. NTLM Hardening
      1. NTLM Restriction Policies
        1. Group Policy Configuration
        2. NTLM Audit Mode
        3. NTLM Blocking Implementation
      2. SMB Security Enhancements
        1. SMB Signing Enforcement
        2. SMB Encryption
        3. SMB Version Control
      3. Credential Protection
        1. Credential Guard Implementation
        2. Protected Process Light (PPL)
        3. LSA Protection
    2. Kerberos Hardening
      1. Service Account Security
        1. Strong Password Policies
        2. Managed Service Accounts
        3. Regular Password Rotation
      2. Encryption Improvements
        1. AES Encryption Enforcement
        2. Weak Encryption Deprecation
        3. Key Length Requirements
      3. Pre-authentication Enforcement
        1. Disabling Pre-auth Bypass
        2. Smart Card Authentication
        3. Multi-factor Authentication
      4. Delegation Security
        1. Constrained Delegation Configuration
        2. Resource-Based Delegation Control
        3. Delegation Monitoring
    3. Administrative Security
      1. Privileged Access Management
        1. Tiered Administration Model
        2. Just-in-Time Administration
        3. Privileged Access Workstations (PAWs)
      2. Account Security
        1. Protected Users Group
        2. Authentication Policies
        3. Authentication Policy Silos
      3. KRBTGT Protection
        1. Regular Password Rotation
        2. Monitoring and Alerting
        3. Access Control
    4. Network Security Controls
      1. Network Segmentation
        1. Micro-segmentation
        2. VLAN Isolation
        3. Firewall Rules
      2. Traffic Monitoring
        1. Network Access Control (NAC)
        2. Intrusion Detection Systems (IDS)
        3. Security Information and Event Management (SIEM)
    5. Endpoint Security
      1. Endpoint Detection and Response (EDR)
        1. Behavioral Monitoring
        2. Threat Hunting Capabilities
        3. Incident Response Integration
      2. Application Control
        1. Application Whitelisting
        2. Code Integrity Policies
        3. Device Guard Implementation
      3. System Hardening
        1. Security Baselines
        2. Patch Management
        3. Configuration Management