dani
Sep 05, 2020
view4011
view0
0
Goto Top

Decrypting the Selection of Supported Kerberos Encryption Types

InformationWindows ServerMicrosoft
In recent months Microsoft support has received a lot of questions regarding disabling RC4 for the encryption of Kerberos tickets. If I had to guess the CIS L1 Baseline and RFC 8429 guidance to disable RC4 is likely responsible for much of that interest. While RC4 has not been formally deprecated in Active Directory, the evolution of an attack known as Kerberoasting provides a compelling reason to upgrade given RC4 encryption uses the weak NTLM hash as the key for encryption. To date tickets encrypted with AES keys are not susceptible to Kerberoasting.

As with many hardening settings, the decision to eliminate RC4 for Kerberos ticket encryption is not entirely cut and dry. Let’s a take a look at the considerations and then you can decide how you want to move forward with improving your security posture in this area.

Weiterlesen...
comment-contentCommentShareShare
Share on Facebook Share on Twitter Share on Reddit Share on Linkedin

Content-Key: 602285

Url: https://administrator.de/contentid/602285

Printed on: April 18, 2024 at 23:04 o'clock

InformationWindows ServerMicrosoft
More from DaniDaniEnd of Support dates for Office 2016, 2019 Apps und Productivity ServersDani - 1 CommentDaniMSFT - Last Exchange Server ScenarioDani - 1 CommentDaniIntroducing Windows Server 2025Dani - 14 CommentsDaniHow to pause throttling and blocking of out-of-date on-premises Exchange ServersDani
Hotly discussed
AlexWishaHow to set up and configure a Linux GRE tunnelAlexWisha - 3 CommentsjstrickerWIREGUARD VPN ON UDM PRO BEHIND FRITZBOX - HANDSHAKE DID NOT COMPLETEjstricker - 1 CommentDaniEnd of Support dates for Office 2016, 2019 Apps und Productivity ServersDani - 1 Comment