What is better NTLM or Kerberos?

Kerberos provides several advantages over NTLM: – More secure: No password stored locally or sent over the net. – Best performance: improved performance over NTLM authentication. – Delegation support: Servers can impersonate clients and use the client’s security context to access a resource.

What is NTLM and how it works?

NTLM credentials are based on data obtained during the interactive logon process and consist of a domain name, a user name, and a one-way hash of the user’s password. NTLM uses an encrypted challenge/response protocol to authenticate a user without sending the user’s password over the wire.

Do we need NTLM?

NTLM is Microsoft’s mythological legacy authentication protocol. Although new and better authentication protocols have already been developed, NTLM is still very much in use – even the most recent Windows versions support NTLM, and its use is still required when deploying Active Directory.

Why is NTLM still used?

Current applications. NTLM authentication is still supported and must be used for Windows authentication with systems configured as a member of a workgroup. NTLM authentication is also used for local logon authentication on non-domain controllers.

What all uses NTLM authentication?

Windows Challenge/Response (NTLM) is the authentication protocol used on networks that include systems running the Windows operating system and on stand-alone systems. The Microsoft Kerberos security package adds greater security than NTLM to systems on a network.

How bad is NTLM?

The most critical issue with NTLM is that it does not commonly provide mutual authentication. And while this is an issue by itself, it leads to the more severe issue of NTLM being susceptible to replay and man-in-the-middle attacks. This can happen whenever a user authenticates to a server via NTLM.

Why you should disable NTLM?

Keypoints

  • Many vulnerabilities are based on NTLM.
  • NTLM has been replaced by Kerberos and is used for backward compatibility and as fallback mechanism.
  • Blocking NTLM can have an impact on services.
  • Configuration errors and exceptions can be identified with an analysis over several months.