Security Basics mailing list archives
RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618
From: <dave () netmedic net>
Date: Thu, 19 Jun 2003 18:47:01 -0400
Unlike many Telnet services, the Microsoft Telnet Server service offers a method of secure logon using NTLM security. Most services allow for only a "clear text" logon, which sends your password across the network in an unencrypted form. Telntadmn.exe allows the following security settings. AllowTrustedDomain AltKeyMapping DefaultDomain DefaultShell MaxFailedLogins NTLM TermCap NumThreadsPerProcessor You can turn NTLM on with it, or edit the registry: HKEY_LOCAL_MACHINE\Software\Microsoft\TelnetServer\1.0 NTLM REG_DWORD 0x00: Disables Windows NT LAN Manager (NTLM) authentication. 0x01: Attempts NTLM first, and then uses clear text authentication. 0x02: Uses NTLM authentication only. Now you can force the W2000 server to use NTLMv2 only with the lmcompatibilitylevel REG_DWORD set to 5. I do not know how that will effect the telnet server but at least you can have NTLM. But the DefaultDomain edit in the TelnetServer key forces it to use the default domain for authentication. I will try to see if forcing to NTLMv2 causes the telnet to use NTLMv2 or does it still only use NTLM. I would suggest all these registry edits as well. machine\system\currentcontrolset\control\lsa\secureboot=4,1 machine\system\currentcontrolset\control\lsa\fullprivilegeauditing=3,1 machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel=4,5 machine\system\currentcontrolset\control\lsa\restrictanonymous=4,2 MACHINE\System\CurrentControlSet\Control\Lsa\SubmitControl=4,0 MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash\bar=4,0 http://support.microsoft.com/default.aspx?scid=kb;EN-US;225233 http://support.microsoft.com/default.aspx?scid=kb;EN-US;226107 http://support.microsoft.com/default.aspx?scid=kb;en-us;201194 _____________________ Dave Kleiman dave () netmedic net www.netmedic.net "High achievement always takes place in the framework of high expectation." Jack Kinder -----Original Message----- From: Damon McMahon [mailto:inst_karma () hotmail com] Sent: Wednesday, June 18, 2003 22:45 To: deppdm () ornl gov Cc: security-basics () securityfocus com Subject: Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Dennis, Running windump on a Windows 2000 client and tcpdump on a MacOSX 10.1 client shows the login: and password: transmitted in clear text to a Windows XP telnet server. Can you specify any documentation stating NTLM is used? Thanks in advance, Damon
The telnet built into Windows 2000 uses NTLMv2 authentication by defalt. While this is not 3DES or RC4, it is still not plain text. Dennis
_________________________________________________________________ Hotmail is now available on Australian mobile phones. Go to http://ninemsn.com.au/mobilecentral/signup.asp --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Damon McMahon (Jun 19)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Ansgar Wiechers (Jun 20)
- RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 dave (Jun 20)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Anders Reed Mohn (Jun 20)
- <Possible follow-ups>
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Hilal Hussein (Jun 24)
- RE: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Joe Osborn (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Brad Mills (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 James Fields (Jun 25)
- Re: security-basics Digest 18 Jun 2003 22:09:15 -0000 Issue 618 Justin Pryzby (Jun 25)