Ars Technica

Internet Explorer always using Kerberos authentication... even when unsupported.

Server: Fully-patched 2008 R2, running Certificate Services. The /certsrv virtual directory is using (I believe) default settings. Specifically, this means it's using Windows Authentication, with NTLM ...
SiliconANGLE

It’s time to put an end to the NTLM network authentication protocol

An ancient network authentication protocol has received its first death notice. The protocol, which has roots going back to the first local area network days of the 1980s, is called Microsoft NTLM, ...
Ars Technica

Intranet Authentication - IIS 5 - Kerberos instead of NTLM

At work we have an intranet web server that is Running DotNetNuke for our intranet portal. I have been having issues with people not authenticating properly after they change their password ...
Redmond Magazine

Kerberos Authentication 101: Understanding the Essentials of the Kerberos Security Protocol

While Windows IT professionals deal with security on a daily basis, very few understand the under-the-hood protocol, Kerberos. Kerberos is a security protocol in Windows introduced in Windows 2000 to ...
CSOonline

Don’t count on Kerberos to thwart pass-the-hash attacks

Several readers responded to my previous post on pass-the-hash attacks, asking if Kerberos authentication versus LANManager, NTLM, or NTLMv2 was an effective defense. It’s a good question, one that I ...
CSOonline

How to prepare for the demise of Windows NT LAN Manager

NTLM is a less secure protocol for authenticating Windows network access. Follow these steps to begin migration off it or to limit its use. Older protocols are hard to kill. From consumer-based ...
Bleeping Computer

New Microsoft NTLM Flaws May Allow Full Domain Compromise

Two security vulnerabilities in Microsoft's NTLM authentication protocol allow attackers to bypass the MIC (Message Integrity Code) protection and downgrade NTLM security features leading to full ...