Microsoft has announced that it intends to phase out NT LAN Manager (NTLM) authentication in Windows 11. The decision is part of a broader move toward stronger authentication methods, chiefly Kerberos, and toward reducing the attack surface that NTLM leaves open.
According to the company, the primary objective is to strengthen the Kerberos authentication protocol, which has been the default in Windows since Windows 2000, and to reduce the remaining dependence on NTLM. Two additions to Windows 11 serve that goal: Initial and Pass Through Authentication Using Kerberos (IAKerb), and a local Key Distribution Center (KDC) for Kerberos.
IAKerb lets a client that has no direct line of sight to a domain controller authenticate with Kerberos by passing the exchange through a server that does have one, which covers network topologies where NTLM is used today only because the client could not reach a KDC. The local KDC extends Kerberos to local accounts, which are currently authenticated with NTLM.
NTLM, first developed in the 1990s, is a family of security protocols that provides authentication, message integrity and confidentiality. It is a single sign-on (SSO) mechanism built on a challenge-response exchange: the client proves to a server or domain controller that it holds the NT hash of the account's password, without ever sending the password itself. Because the protocol checks the hash rather than the password, a stolen hash is as good as the password, which is the basis of pass-the-hash attacks.
Kerberos has been the default Windows authentication protocol since Windows 2000, but NTLM is still used as a fallback wherever Kerberos is not available, for example when a client cannot reach a domain controller, connects by IP address rather than by hostname, or authenticates with a local account.
The main difference between NTLM and Kerberos lies in how authentication is managed. As CrowdStrike describes it, NTLM uses a three-message exchange between client and server (NEGOTIATE, CHALLENGE, AUTHENTICATE), whereas Kerberos uses a two-phase, ticket-based design: the client first obtains a ticket-granting ticket from the Key Distribution Center and then presents it to the ticket-granting service to obtain tickets for individual services.
Another important contrast is in the credential material. NTLM's response is computed directly from a hash of the user's password, so that hash is password-equivalent and can be reused by anyone who obtains it; Kerberos uses the password-derived key only to decrypt the initial ticket and thereafter relies on encrypted, time-limited tickets and per-session keys.
On top of these inherent weaknesses, NTLM is susceptible to relay attacks: because the challenge-response exchange is not bound to the identity of the server the client believes it is talking to, an attacker who can intercept an authentication attempt can forward it to a different server and obtain that client's access to network resources. Mitigations such as SMB and LDAP signing and Extended Protection for Authentication (channel binding) blunt relay but must be configured; Kerberos tickets are encrypted to a specific service, which makes the same relay ineffective.
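The two weaknesses described above, as an added illustration that is not part of the original article and uses no Microsoft code: a toy NTLMv2 challenge-response in Python with a constructed account, showing that the NT hash alone answers a server's challenge (pass-the-hash) and that a challenge relayed from another server is accepted because nothing in the response names the server the client thinks it is talking to. The MD4 routine is included because OpenSSL 3 does not expose MD4 by default; the account name, password, server names and timestamp are constructed, and the target_info value is a simplified stand-in for the real AV_PAIR list.

```python
import hmac
import os
import struct


def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib.new("md4") needs OpenSSL's legacy provider."""
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rotl = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    msg = bytearray(data) + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", (len(data) * 8) & 0xFFFFFFFFFFFFFFFF)
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    rounds = (  # (function, additive constant, message-word order, shift amounts)
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for fn, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                aa = rotl((aa + fn(bb, cc, dd) + X[idx] + k) & 0xFFFFFFFF, shifts[i % 4])
                aa, bb, cc, dd = dd, aa, bb, cc  # rotate registers for the next step
        a, b, c, d = [(x + y) & 0xFFFFFFFF for x, y in zip((a, b, c, d), (aa, bb, cc, dd))]
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> bytes:
    """NT hash = MD4(UTF-16LE(password)). This, not the password, is what NTLM proves."""
    return md4(password.encode("utf-16-le"))


def ntowf_v2(nthash: bytes, user: str, domain: str) -> bytes:
    """NTLMv2 key: HMAC-MD5 over the uppercased user name and domain, keyed by the NT hash."""
    return hmac.new(nthash, (user.upper() + domain).encode("utf-16-le"), "md5").digest()


def ntlmv2_response(nthash, user, domain, server_challenge, client_challenge, timestamp, target_info):
    """Build the NTLMv2 response: NTProofStr || temp (MS-NLMP 3.3.2)."""
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", timestamp)
            + client_challenge + b"\x00" * 4 + target_info + b"\x00" * 4)
    proof = hmac.new(ntowf_v2(nthash, user, domain), server_challenge + temp, "md5").digest()
    return proof + temp


class NtlmServer:
    """Stand-in for a server/DC that stores NT hashes and verifies NTLMv2 responses."""
    def __init__(self, name: str, accounts: dict):
        self.name, self.accounts = name, accounts           # accounts: user -> NT hash
        self.target_info = name.encode("utf-16-le")         # constructed stand-in for AV_PAIRs
        self.pending = None

    def challenge_msg(self):
        self.pending = os.urandom(8)                        # 8-byte server challenge
        return self.pending, self.target_info

    def verify(self, user: str, domain: str, response: bytes) -> bool:
        proof, temp = response[:16], response[16:]
        nthash = self.accounts.get(user)
        if nthash is None or self.pending is None:
            return False
        expected = hmac.new(ntowf_v2(nthash, user, domain), self.pending + temp, "md5").digest()
        return hmac.compare_digest(proof, expected)


class NtlmClient:
    """A client only needs the NT hash to answer; it never needs the password."""
    def __init__(self, user: str, domain: str, nthash: bytes):
        self.user, self.domain, self.nthash = user, domain, nthash

    def answer(self, server_challenge: bytes, target_info: bytes) -> bytes:
        return ntlmv2_response(self.nthash, self.user, self.domain, server_challenge,
                               os.urandom(8), 0x01D9E2F0C0000000, target_info)  # constructed FILETIME


USER, DOMAIN, PASSWORD = "alice", "CORP", "Sp3ak-Friend"   # constructed sample account


def legitimate_login() -> bool:
    srv = NtlmServer("FILESRV01", {USER: nt_hash(PASSWORD)})
    chal, tinfo = srv.challenge_msg()
    return srv.verify(USER, DOMAIN, NtlmClient(USER, DOMAIN, nt_hash(PASSWORD)).answer(chal, tinfo))


def pass_the_hash(stolen_nthash: bytes) -> bool:
    """Pass-the-hash: an attacker holding only the NT hash completes the exchange."""
    srv = NtlmServer("FILESRV01", {USER: nt_hash(PASSWORD)})
    chal, tinfo = srv.challenge_msg()
    return srv.verify(USER, DOMAIN, NtlmClient(USER, DOMAIN, stolen_nthash).answer(chal, tinfo))


def relay_attack() -> bool:
    """Relay: the victim answers TARGET's challenge, believing it talks to the attacker's host."""
    target = NtlmServer("TARGET", {USER: nt_hash(PASSWORD)})
    victim = NtlmClient(USER, DOMAIN, nt_hash(PASSWORD))
    chal, tinfo = target.challenge_msg()          # 1. attacker opens a session to TARGET
    response = victim.answer(chal, tinfo)          # 2. attacker hands TARGET's challenge to the victim
    return target.verify(USER, DOMAIN, response)   # 3. attacker forwards the answer; TARGET accepts


if __name__ == "__main__":
    print("legitimate:", legitimate_login(), "pass-the-hash:", pass_the_hash(nt_hash(PASSWORD)),
          "relay:", relay_attack())
```

Nothing the victim computes depends on which host it opened the connection to, which is exactly the gap that SMB/LDAP signing and channel binding (EPA) have to close from outside the protocol. The response is also keyed on the NT hash alone, so a hash dumped from one machine is immediately usable against any other that trusts the same account.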
Microsoft says it is removing hard-coded NTLM usage inside its own components in preparation for eventually disabling NTLM in Windows 11, and that it is shipping changes that make Kerberos the preferred choice wherever possible.
According to Matthew Palko, Microsoft's senior product management lead in Enterprise and Security, these changes will be enabled automatically and will not require configuration in most cases. NTLM will remain available as a fallback in order to preserve compatibility with existing systems.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he has also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way: he began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He combines that interest with a love of narrative, which makes him a good writer in the cybersecurity field. He also writes regularly for Craw Security.