Core Infrastructure and Security Blog
Copied!
Home
Options
600
Mike Kammer on 12-10-2019 06:21 AM
2,922
Paul Bergson on 12-04-2019 02:12 PM
3,343
wallenc on 11-26-2019 01:08 PM
1,898
Zoheb Shaikh on 11-19-2019 06:22 AM
1,466
Stanislav Belov on 11-12-2019 11:00 PM
2,389
SteveMat on 11-11-2019 02:27 PM
12.2K
Alan La Pietra on 11-04-2019 06:26 AM
485
Sean Leonard on 11-01-2019 03:23 PM
520
Joe_Zinn on 11-01-2019 03:22 PM
612
Joe_Zinn on 11-01-2019 03:22 PM
527
Joe_Zinn on 11-01-2019 03:22 PM
424
Sean Leonard on 11-01-2019 03:21 PM
418
Joe_Zinn on 11-01-2019 03:21 PM
393
Joe_Zinn on 11-01-2019 03:21 PM
416
Joe_Zinn on 11-01-2019 03:20 PM
417
Joe_Zinn on 11-01-2019 03:20 PM
615
Joe_Zinn on 11-01-2019 03:20 PM
829
Joe_Zinn on 11-01-2019 03:20 PM
1,495
Joe_Zinn on 11-01-2019 03:20 PM
1,953
Joe_Zinn on 11-01-2019 03:20 PM
410
AMARSIGLIA on 11-01-2019 03:20 PM
428
Joe_Zinn on 11-01-2019 03:20 PM
398
ktackett on 11-01-2019 03:17 PM
376
AMARSIGLIA on 11-01-2019 03:12 PM
387
ktackett on 11-01-2019 03:12 PM
392
AMARSIGLIA on 11-01-2019 03:09 PM
367
ktackett on 11-01-2019 03:08 PM
382
ktackett on 11-01-2019 03:08 PM
379
ktackett on 11-01-2019 03:07 PM
439
ktackett on 11-01-2019 03:05 PM
Latest Comments
@Justin_Shi Hi Justin, you can go with only one but to cover all security concerns related to this issue we recommend to change both. Also because the update will update both. Channel Binding Token info (was FAQ): https://internal.support.services.microsoft.com/en-us/help/2022970 Channel Binding for...
0 Likes
Hi @Alan La Pietra, One question here, according to the 2 documents here:LDAP channel bindingLDAP signingCan I just follow one doc to make my communications between LDAP clients and Active Directory domain controllers more secure? Or I must configure both the 2 to get this advantages. What's the dif...
0 Likes
If there is a requirement to secure the binding with a certificate, either internal CA or third party CA, and the domain ends in .local, is it possible to obtain a certificate from a third party CA for a upn suffix that is available externally and use this instead to bind securely? Deploying an inte...
0 Likes
For those with Macs, it looks like they do not support CBT (Channel Binding Tokens) so it won't be possible to set LdapEnforceChannelBinding to 2, but it does work with it set to 1 (Compatibility Mode). I'm guessing most people will have to stay in that mode anyway, due to an assortment of 3rd party...
2 Likes
Thank you, fascinating read and very informative! I do hope to build up my Windows troubleshooting skills higher and higher. Whenever I have to reinstall Windows to get an update applied I feel defeated :) Is there a good source to learn about Windows Update internals and troubleshooting things arou...
0 Likes