Security Basics mailing list archives

Re: NTLMv2 on RAS


From: "Paul Kurczaba" <paul () myipis com>
Date: Fri, 14 May 2004 14:38:00 -0400

According to MS, win98 supports NTLMv2:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239869

-Paul Kurczaba
----- Original Message ----- 
From: "Leon North" <leon_nc () linuxmail org>
To: <security-basics () securityfocus com>
Sent: Friday, May 14, 2004 5:28 AM
Subject: NTLMv2 on RAS


We have a stand-alone Win2k Server running as a RRAS machine (i.e. local
accounts only, NOT a domain member). As part of hardening it, I want to set
LM Compatibility to only allow NTLMv2 authentication, which is significantly
more secure. This means Win98 and earlier clients couldn't connect to it
(without some modification). Fine, since apart from RAS we will only be
logged on or connecting to it locally, not from any other machines.

My question is will this affect Win98 clients connecting over RAS? RAS
clients use remote auth such as MSCHAP (I will also restrict to MSCHAPv2
which Win98 does support), but do RAS clients ONLY use the remote
authentication, or do they also use local authentication protocols as well
in the process?

Or to simplify even further - will configuring the Win2k RRAS LM
Compatibility to NTLMv2 impact remote clients connecting via RRAS in any
way?

Any help appreciated.

Leon







