Windows 2008 AD: Replay resistant for network access

I have a requirement as follows;

The information system uses replay resistant authentication mechanisms for network access to non-privileged and privileged accounts.

    I need the mechanisms and the supporting Microsoft page the validates the replay resistant aspects of Windows 2008.  I know Kerberos is in effect, but you still have a (configurable) window.  I know each user has a SID and each computer has a SID, but is the computer SID used in the process?  I am open to other considerations.
awakeningsAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Mike KlineConnect With a Mentor Commented:
Kerberos is the default authentication method and you are protected against replay attacks

http://technet.microsoft.com/en-us/library/dd277401.aspx
...Note that since all authenticators must be unique, they are valid one time only. Therefore, Kerberos protects the system from replay attacks.....

Thanks

Mike
0
 
awakeningsAuthor Commented:
The guidance states;

An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols that use nonces or challenges (e.g., TLS), and time synchronous or challenge-response one-time authenticators.
0
All Courses

From novice to tech pro — start learning today.