Solved

Windows 2008 AD: Replay resistant for network access

Posted on 2010-08-20
Last Modified: 2012-05-10
I have a requirement as follows:

The information system uses replay resistant authentication mechanisms for network access to non-privileged and privileged accounts.

I need the mechanisms and the supporting Microsoft page that validates the replay resistant aspects of Windows 2008. I know Kerberos is in effect, but you still have a (configurable) window. I know each user has a SID and each computer has a SID, but is the computer SID used in the process? I am open to other considerations.
Question by:awakenings
2 Comments
 

Author Comment

by:awakenings
ID: 33488407
The guidance states:

An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message. Techniques used to address this include protocols that use nonces or challenges (e.g., TLS), and time synchronous or challenge-response one-time authenticators.

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 33488587
Kerberos is the default authentication method, and you are protected against replay attacks.

http://technet.microsoft.com/en-us/library/dd277401.aspx
...Note that since all authenticators must be unique, they are valid one time only. Therefore, Kerberos protects the system from replay attacks.....

Thanks

Mike
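
As an added illustration (not part of the original thread and not Microsoft's code), the following simplified Python model shows the two acceptor-side checks RFC 4120 describes for a Kerberos authenticator, and how the configurable time window raised in the question and the one-time authenticator quoted in the answer fit together. The class name, the 300-second tolerance and the sample principal are assumptions; real implementations key the cache on more fields.

```python
# Simplified model of the acceptor-side checks RFC 4120 describes for a
# Kerberos authenticator. Added example, not Windows' implementation.
from dataclasses import dataclass, field

MAX_SKEW = 300  # seconds; assumed 5-minute tolerance (configurable by policy)


@dataclass
class ReplayCache:
    max_skew: int = MAX_SKEW
    # (client, ctime, cusec) -> ctime, kept only while the skew check
    # would still accept that timestamp
    seen: dict = field(default_factory=dict)

    def check(self, client: str, ctime: int, cusec: int, now: int) -> str:
        # Forget entries that the skew check alone would now reject.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= self.max_skew}
        # 1. The client timestamp must fall inside the tolerance window.
        if abs(now - ctime) > self.max_skew:
            return "KRB_AP_ERR_SKEW"
        # 2. Inside the window, each authenticator is accepted only once.
        key = (client, ctime, cusec)
        if key in self.seen:
            return "KRB_AP_ERR_REPEAT"
        self.seen[key] = ctime
        return "OK"


def demo() -> list:
    cache = ReplayCache()
    t0 = 1_282_300_000                        # constructed timestamp
    auth = ("alice@EXAMPLE.COM", t0, 123456)  # constructed authenticator fields
    return [
        cache.check(*auth, now=t0 + 2),    # first presentation
        cache.check(*auth, now=t0 + 60),   # captured copy replayed in window
        cache.check("alice@EXAMPLE.COM", t0 + 61, 42, now=t0 + 61),  # fresh one
        cache.check(*auth, now=t0 + 301),  # captured copy replayed after window
    ]


if __name__ == "__main__":
    print(demo())
```

The window only bounds how long the cache must remember an authenticator: inside it a repeat is rejected by the cache, and outside it the timestamp check rejects the message.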