Re: NT password encryption & name service

Thu, 21 Dec 2000 15:40:53 -0800 

Is there an echo in here  ... ?

Lance
----- Original Message -----
From: "Jeff Deitz" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 21, 2000 11:43 AM
Subject: RE: NT password encryption & name service


> >The Kerberos stuff is only a replacement for the venerable NTLM and even
> >more venerable Lanmanager. It is my impression that the SAM was still
> >stored in the same hashing manner in Win2K unless you use the strong
> encryption
> >option for the entire SAM (which is a pain).
>
> L0phtcrack will work on any Windows2000 system that has been upgraded from
a
> pervious version of NT, but will not work on a clean install version of
> Windows2000 that uses Kerberos. If you upgrade an existing system from NT
to
> Windows2000 you inherit all the vulnerabilities of NT that were on the
> previous version. The reason for this is because of mixed mode you have to
> support all the old NT systems, hence have all the same vulnerabilities. I
> have talked a couple of times with Microsoft's Engineers about this and
they
> acknowledged that the only way to take full advantage of the security
> features of the new Windows2000 OS is to install every system clean and
not
> upgrade an existing NT system.
>
> Unfortunately I have not been able to find a single company that is doing
> this and every single one seems to be upgrading their old systems. To be
> rushing to take advantage of some of the features of the new OS companies
> are upgrading existing systems, but don't realize the security
ramifications
> behind these upgrades. Therefore, to save cost, they are upgrading
existing
> systems and throwing away the security benefits from it. This is also one
of
> the reasons that if you do a cost analysis of upgrading all systems
> Windows2000 and building every system clean with the new OS you will find
> the cost staggering.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to