Forum Discussion
justdoit1530
Oct 23, 2023 · Copper Contributor
RPC Endpoint Mapper Client Authentication uses NTLM
Introduction: The main goal is to secure existing Windows 10 clients. As there are a few hardening recommendations from, for example, CIS and Microsoft concerning secure OS configuration, I discovered a pot...
thesquirrel1130
May 08, 2024 · Copper Contributor
We are finally killing NTLM! Our issue was "Enable RPC endpoint mapper client authentication" (Enabled) and "Restrict unauthenticated RPC clients" (Enabled - Authenticated). To protect the RPC ports we have, for several years, implemented IPsec in the Windows Firewall to require it on TCP 135 inbound. We will soon be requiring it on the dynamic ports as well, which will also be limited to a known range of 150 ports. This protects those ports from Nessus scans (if you don't put the Nessus scanner's IP in a full allow rule). This way we can still protect RPC by having IPsec authentication and blocking all outbound NTLM. NTLM is still allowed inbound for our RDP gateway until we get our remote clients to use the built-in KDC proxy on the gateway.
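The configuration the reply describes (audit the two RPC policies, pin the RPC dynamic range to 150 ports, require IPsec on inbound TCP 135 and that range), written as an added PowerShell example that is not the poster's own script. It assumes the two Group Policy settings write the registry values named in the comments, and the 50000-50149 range is a constructed placeholder; run it elevated on a domain-joined test machine and adjust to your environment.

```powershell
# Added example, not from the original thread. Assumptions: the two RPC Group
# Policy settings map to the registry values below; 50000-50149 is a constructed
# 150-port RPC range. Run elevated; a reboot is needed for the new RPC range.
$ErrorActionPreference = 'Stop'

# 1. Audit the two policies the reply mentions (values assumed from the ADMX).
$rpcPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Rpc'
$p = Get-ItemProperty -Path $rpcPolicy -ErrorAction SilentlyContinue
$epAuth   = $p.EnableAuthEpResolution  # 1 = "Enable RPC endpoint mapper client authentication"
$restrict = $p.RestrictRemoteClients   # 1 = "Restrict unauthenticated RPC clients: Authenticated"
if ($epAuth -ne 1 -or $restrict -lt 1) {
    Write-Warning "RPC policy not hardened: EnableAuthEpResolution=$epAuth RestrictRemoteClients=$restrict"
}

# 2. Pin the RPC dynamic port range to 150 ports (HKLM\...\Rpc\Internet keys).
$rpcInternet = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'
$rangeStart  = 50000; $rangeCount = 150          # constructed placeholder range
$rangeEnd    = $rangeStart + $rangeCount - 1
New-Item -Path $rpcInternet -Force | Out-Null
Set-ItemProperty -Path $rpcInternet -Name Ports -Value @("$rangeStart-$rangeEnd") -Type MultiString
Set-ItemProperty -Path $rpcInternet -Name PortsInternetAvailable -Value 'Y' -Type String
Set-ItemProperty -Path $rpcInternet -Name UseInternetPorts -Value 'Y' -Type String

# 3. For TCP 135 and the pinned range: a connection security rule that requires
#    IPsec inbound, plus a firewall rule that only admits authenticated peers.
$ports = @('135', "$rangeStart-$rangeEnd")
foreach ($port in $ports) {
    New-NetIPsecRule -DisplayName "Require IPsec inbound TCP $port" `
        -InboundSecurity Require -OutboundSecurity None `
        -Protocol TCP -LocalPort $port -RemotePort Any -Profile Domain | Out-Null

    # Unauthenticated scanners (the Nessus case in the reply) hit this rule and
    # are dropped unless a separate allow rule exists for the scanner address.
    New-NetFirewallRule -DisplayName "Allow authenticated TCP $port" `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -Action Allow -Authentication Required -Profile Domain | Out-Null
}

# 4. Verify what was created.
Get-NetIPsecRule -DisplayName 'Require IPsec inbound TCP *' |
    Select-Object DisplayName, InboundSecurity, Enabled
Get-NetFirewallRule -DisplayName 'Allow authenticated TCP *' |
    Get-NetFirewallPortFilter | Select-Object LocalPort
```

With no other allow rule for TCP 135, unauthenticated SYNs are silently dropped, so run a scan from a host without an IPsec policy to confirm the endpoint mapper no longer answers.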