Web lists-archives.com

Re: [Samba] how safe is "net use" in a batch file? plus some encryption questions




Am 2017-11-11 um 20:48 schrieb Rowland Penny via samba:
> On Sat, 11 Nov 2017 13:32:31 -0600
> Andrew Walker <walker.aj325@xxxxxxxxx> wrote:
> 
>> I thought "net use" will use ntlm for auth (no clear-text passwords
>> passing over the wire). At least that's what I see in wireshark on
>> modern windows.
>>
> 
> If you use NTLMv1, you might as well use plain passwords. Given the
> NTLMv1 password, it would take your average badhat about half an hour
> to have the plain password.

That will be first priority to get rid of that, sure.
Plus new passwords after closing that gap.

>> Unless your XP systems are air-gapped, it is that bad ;-)
>>
>> I know that in some cases it's impractical to upgrade Windows
>> versions. For instance, I helped a man once who had a machine shop /
>> small business. His CNC mill required windows 98. Replacing the CNC
>> mill would cost over $50,000, which was not practical; however,
>> keeping the network air-gapped was practical.
> 
> There are cases when using an old OS version is valid, but they are few
> and far between, the case above is one of them. In Stefan's case, I am
> sure that an upgrade path can be found, it may prove to be cheaper in
> the long run ;-)

This is a very protected environment: the VMs are only accessible from a
specific subnet etc etc

But I agree: XP shouldn't be there anymore.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba