BLOCK NTLM.
Yeah. I know this is 11 years old and I've seen a few posts cropping up about this recently, but did anyone who posts this recommendation actually try it in a corporate environment? I did this a few months ago in a pretty small company, and things started failing left and right. What I remember off the top of my head:
- domain joins no longer worked (both via UI and through SCCM(!))
- RDP (coming from a non-domain system) over Remote Desktop Gateway failed
- RDP to non-domain systems failed
- SCEP from a firewall to a Windows CA failed
and so on.
While all of these things more or less make sense and can be explained, the end result of a 1-week test was: nope, that's currently impossible. So, anyone out there who has a different experience with this?
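One practitioner check that fits the experience described above is to run NTLM restriction in audit-only mode first and inventory what actually still uses NTLM before enforcing a block. The script below is an added example, not code from the poster or the thread; it assumes the "Network security: Restrict NTLM" audit policies are already enabled so that the Microsoft-Windows-NTLM/Operational log is populated, and it does not hard-code event field names.

```powershell
# Added example: inventory NTLM usage from the NTLM/Operational log before blocking NTLM.
# Prerequisite (assumed): audit-only settings are enabled via Group Policy:
#   - Network security: Restrict NTLM: Audit Incoming NTLM Traffic
#   - Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers (Audit all)
#   - Network security: Restrict NTLM: Audit NTLM authentication in this domain (on DCs)
# With those set, Windows writes events 8001 (outgoing), 8002 (incoming),
# 8003 (domain) and 8004 (DC) instead of failing the authentication.

$Since  = (Get-Date).AddDays(-7)           # review window: last 7 days
$OutCsv = Join-Path $env:TEMP 'ntlm-audit-inventory.csv'

$Events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-NTLM/Operational'
    Id        = 8001, 8002, 8003, 8004
    StartTime = $Since
} -ErrorAction SilentlyContinue

if (-not $Events) {
    Write-Warning "No NTLM audit events found since $Since. Check that audit mode is enabled."
    return
}

# Flatten each event's EventData into one row without assuming specific field names,
# so the same code works for all four event IDs.
$Rows = foreach ($e in $Events) {
    $xml  = [xml]$e.ToXml()
    $row  = [ordered]@{ Id = $e.Id; Time = $e.TimeCreated; Computer = $e.MachineName }
    foreach ($d in $xml.Event.EventData.Data) {
        if ($d.Name) { $row[$d.Name] = $d.'#text' }
    }
    [pscustomobject]$row
}

# Full detail for offline review (this is the list of dependencies a block would break).
$Rows | Export-Csv -Path $OutCsv -NoTypeInformation -Encoding UTF8

# Quick summary: how much NTLM traffic of each kind, per computer, in the window.
$Rows | Group-Object Id, Computer |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

Write-Host "Detailed inventory written to $OutCsv"
```

Run it on each server that would be affected (and on a domain controller for 8004), and treat every distinct source, target and process in the CSV as something that needs a Kerberos path or an exception before moving from audit to block.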