Greetings to all;
What I meant to say in my previous message is that Jeff and I agree that the
Windows 2000 environment is not secure when running in mixed mode. I was
aware of the "clean build" rule as well because when researching the book I
helped to write, this was a most interesting topic.
Lance
----- Original Message -----
From: "Lance Ecklesdafer" <[EMAIL PROTECTED]>
To: "Jeff Deitz" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, December 21, 2000 6:39 PM
Subject: Re: NT password encryption & name service
> Is there an echo in here ... ?
>
> Lance
> ----- Original Message -----
> From: "Jeff Deitz" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, December 21, 2000 11:43 AM
> Subject: RE: NT password encryption & name service
>
>
> > >The Kerberos stuff is only a replacement for the venerable NTLM and
even
> > >more venerable Lanmanager. It is my impression that the SAM was still
> > >stored in the same hashing manner in Win2K unless you use the strong
> > encryption
> > >option for the entire SAM (which is a pain).
> >
> > L0phtcrack will work on any Windows2000 system that has been upgraded
from
> a
> > pervious version of NT, but will not work on a clean install version of
> > Windows2000 that uses Kerberos. If you upgrade an existing system from
NT
> to
> > Windows2000 you inherit all the vulnerabilities of NT that were on the
> > previous version. The reason for this is because of mixed mode you have
to
> > support all the old NT systems, hence have all the same vulnerabilities.
I
> > have talked a couple of times with Microsoft's Engineers about this and
> they
> > acknowledged that the only way to take full advantage of the security
> > features of the new Windows2000 OS is to install every system clean and
> not
> > upgrade an existing NT system.
> >
> > Unfortunately I have not been able to find a single company that is
doing
> > this and every single one seems to be upgrading their old systems. To be
> > rushing to take advantage of some of the features of the new OS
companies
> > are upgrading existing systems, but don't realize the security
> ramifications
> > behind these upgrades. Therefore, to save cost, they are upgrading
> existing
> > systems and throwing away the security benefits from it. This is also
one
> of
> > the reasons that if you do a cost analysis of upgrading all systems
> > Windows2000 and building every system clean with the new OS you will
find
> > the cost staggering.
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
