Hello,
A basic question I hope.
What are the Layer Protocols, Frames, Ports etc. to monitor to ensure that
the Authentication is being transmitted properly (i.e. we want to ensure
that NTLMv2 is being utilized and no LM authentication is being
transmitted.)
My assumption is to watch NetBIOS (137, 138, 139) because Logon Sequence,
NetLogon, and Pass-Through Validation occur on them. Possibly 445 as well.
This is an NT4 domain with W2K servers and workstations as well, no Win98, ME
or 95.
Thoughts, additions, and advice will be greatly appreciated.
______________________
Dave Kleiman
dave_at_netmedic.net
www.netmedic.net
Received on Jun 04 2003
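
The check asked about above, as an added example that is not part of the original post: given the bytes of an NTLMSSP AUTHENTICATE (type 3) message taken from a capture, pull out the LM and NT response fields and classify them by length and content. The function names are hypothetical and the sample messages are constructed; `classify()` takes the two fields directly, so it also works on the password fields of a plain SMB session setup.

```python
import struct

SIG = b"NTLMSSP\x00"

def parse_authenticate(msg):
    """Return (lm_response, nt_response) from an NTLMSSP AUTHENTICATE (type 3) message."""
    if len(msg) < 28 or msg[:8] != SIG or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLMSSP AUTHENTICATE message")
    fields = []
    for pos in (12, 20):  # LmChallengeResponse, then NtChallengeResponse descriptor
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
        if offset + length > len(msg):
            raise ValueError("response field points outside the message")
        fields.append(msg[offset:offset + length])
    return fields[0], fields[1]

def classify(lm, nt):
    """Name the authentication variant implied by the two response fields."""
    if len(nt) > 24 and nt[16:18] == b"\x01\x01":
        return "NTLMv2"  # 16-byte proof followed by a blob with RespType 1, HiRespType 1
    if len(nt) == 24:
        if lm == nt:
            return "NTLMv1, no LM response"  # client copied the NT response into the LM field
        if len(lm) == 24 and lm[8:] == bytes(16):
            return "NTLMv1, extended session security"  # heuristic: 8-byte nonce + 16 zeros
        if len(lm) == 24:
            return "LM + NTLMv1"
        return "NTLMv1"
    if len(lm) == 24 and not nt:
        return "LM only"
    return "unclassified"

def build_sample(lm, nt):
    """Constructed test input: a type 3 message carrying only the two responses."""
    hdr = SIG + struct.pack("<I", 3)
    hdr += struct.pack("<HHI", len(lm), len(lm), 64)            # payload starts after 64-byte header
    hdr += struct.pack("<HHI", len(nt), len(nt), 64 + len(lm))
    hdr += struct.pack("<HHI", 0, 0, 64) * 4                    # domain, user, workstation, session key
    hdr += struct.pack("<I", 0)                                 # negotiate flags, not used here
    return hdr + lm + nt

if __name__ == "__main__":
    v1 = build_sample(bytes(range(24)), bytes(range(100, 124)))
    v2 = build_sample(bytes(range(24)), bytes(16) + b"\x01\x01" + bytes(30))
    for name, msg in (("sample-v1", v1), ("sample-v2", v2)):
        print(name, "->", classify(*parse_authenticate(msg)))
```

An LMv2 response is also 24 bytes, so the LM field alone cannot distinguish LM from LMv2; the NT field decides.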