Security Basics mailing list archives
RE: XP password and encryption
From: "David Gillett" <gillettdavid () fhda edu>
Date: Tue, 6 Jan 2004 12:47:24 -0800
1) I think this has pretty much been covered. Pro is that you're protected from inherent flaws in NTLM. Con is that you're protected from communicating with machines that still have to rely on NTLM. 2) The normal way to configure this is to set servers to require it of all clients, and clients to use it whenever connecting to a server that permits it -- this allows clients to still talk to legacy servers as necessary. In transport mode, IPSEC encrypts the contents of packets, but not the layer 3 headers. If your original concern was about someone sniffing an exchange of hashes, this would both additionally secure them, and submerge them in a mass of encrypted traffic where picking out the packets of interest would be more challenging. 3) It's not. Assigning IP addresses is going to be up to whoever provides the network routers, and those would have to both (a) support IPv6, and (b) be configured to use it. Of course, most won't bother until they can safely assume that the critical mass of client hosts also support it -- including it in XP helps bring that day a little closer. David Gillett
-----Original Message----- From: J. Yoon [mailto:supercool9000 () hotmail com] Sent: January 6, 2004 04:28 To: security-basics () securityfocus com Subject: RE: XP password and encryption 1) What are the pro's and con's of turning off NTLM on my XP box? 2) Aside from the obvious, what does IPSEC encryption do to make things more secure? For example, which layers does this protocol work at and could it ever interfere with any existing settings/applications due to backward compatibility issues? 3) IPv6's supposedly the solution to the "running out of IP addresses problem". Sorry if this is a dumb Q, but if the job of assigning IP addy's is upto the authorities... how exactly is IPv6 configurable / useful to avg joe users like you and me... For example, I think I saw references to IPv6 within XP control-panel / network settings what exactly can we do with it?Note that you also have the option of requiring IPSEC encryption of all local client/server traffic, andthis too is a goodthing. 3/a/b) Check out Kerberos; it might be able to do what you want._________________________________________________________________ Take advantage of our limited-time introductory offer for dial-up Internet access. http://join.msn.com/?page=dept/dialup -------------------------------------------------------------- ------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! -------------------------------------------------------------- --------------
--------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- XP password and encryption J. Yoon (Jan 05)
- RE: XP password and encryption David Gillett (Jan 05)
- RE: XP password and encryption Gino Genari (Jan 06)
- RE: XP password and encryption Raoul Armfield (Jan 06)
- <Possible follow-ups>
- RE: XP password and encryption Kenneth Buchanan (Jan 06)
- RE: XP password and encryption J. Yoon (Jan 06)
- RE: XP password and encryption David Gillett (Jan 06)
- RE: XP password and encryption Nero, Nick (Jan 06)
- RE: XP password and encryption David Gillett (Jan 05)