channel binding
About this tag
Channel binding is a security mechanism that ties authentication to a specific communication channel, preventing relay attacks. On Windows, it is commonly applied to LDAP over SSL/TLS and NTLM authentication. Microsoft has introduced protections that enforce channel binding for LDAP, as described in CVE-2017-8563, and has announced plans to enable LDAP channel binding by default in Active Directory environments. These measures help mitigate NTLM relay attacks by ensuring authentication tokens are bound to the encrypted session, making them unusable if intercepted and replayed. Administrators can configure channel binding via the LdapEnforceChannelBinding registry entry to enhance security.
In a bold move to bolster network defenses, Microsoft has unveiled new protections against NTLM relay attacks, breathing a sigh of relief for network administrators who have long battled with the vulnerabilities associated with NTLM (NT LAN Manager) authentication. This development arrives as...
In a bold move to fortify Windows environments, Microsoft has officially ramped up its defenses against NTLM relay attacks, a method that exploits the weaknesses of the long-reigning NTLM (NT LAN Manager) authentication protocol. As we venture into a new era for Windows security, it’s essential...
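In early 2020, Microsoft will enable LDAP signing and LDAP channel binding (when using LDAPS) by default to improve the security of LDAP communication within Active Directory domain environments.
The post [For AD administrators] LDAP signing and LDAP channel binding will be enabled in 2020. Please check! appeared first on Microsoft Security Response Center.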