Solved

Windows 2008 AD: Replay resistant for network access

Posted on 2010-08-20
2
4,467 Views
Last Modified: 2012-05-10
I have a requirement as follows;

The information system uses replay resistant authentication mechanisms for network access to non-privileged and privileged accounts.

    I need the mechanisms and the supporting Microsoft page the validates the replay resistant aspects of Windows 2008.  I know Kerberos is in effect, but you still have a (configurable) window.  I know each user has a SID and each computer has a SID, but is the computer SID used in the process?  I am open to other considerations.
0
Comment
Question by:awakenings
2 Comments
 

Author Comment

by:awakenings
ID: 33488407
The guidance states;

An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols that use nonces or challenges (e.g., TLS), and time synchronous or challenge-response one-time authenticators.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33488587
Kerberos is the default authentication method and you are protected against replay attacks

http://technet.microsoft.com/en-us/library/dd277401.aspx
...Note that since all authenticators must be unique, they are valid one time only. Therefore, Kerberos protects the system from replay attacks.....

Thanks

Mike
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question