
NTLM

An older authentication protocol developed by Microsoft

What is NTLM?

NTLM (New Technology LAN Manager) is an older authentication protocol developed by Microsoft for Windows environments. It uses a challenge-response mechanism: the client proves that it knows the user's password hash by answering a random challenge from the server, so the password itself never crosses the network. The hash in question is the NT hash, an unsalted MD4 digest of the UTF-16LE password. NTLMv2, the current version, derives the response with HMAC-MD5; the legacy NTLMv1 and LM variants use DES.

NTLM has several well-known weaknesses, and in modern Windows networks it serves mainly as a fallback where Kerberos cannot be used, for example when a client addresses a server by IP address rather than by name, when the client is not domain-joined, or when no domain controller is reachable.

NTLM should be phased out in favor of Kerberos. Where it must be retained: disable LM and NTLMv1 so that clients send only NTLMv2 responses (LmCompatibilityLevel 5), enforce SMB signing, LDAP signing and channel binding, and Extended Protection for Authentication on HTTP services to block relay, and use the "Network security: Restrict NTLM" group policies, first in audit mode to find the remaining NTLM traffic and then to block it, so that the traffic is strictly limited.

How NTLM Works:

  • The client sends a NEGOTIATE message announcing the options it supports (the username is not sent yet).

  • The server replies with a CHALLENGE message containing a random 8-byte nonce, the server challenge.

  • The client computes a response from the user's NT hash and the challenge (NTLMv2 also mixes in a client nonce, a timestamp and target information) and returns it in an AUTHENTICATE message together with the username and domain.

  • The server, or the domain controller it forwards the exchange to for domain accounts, recomputes the expected response from its stored copy of the NT hash and compares the two. Because the hash alone is enough to produce a valid response, whoever holds the hash can authenticate without knowing the password.

Sicra and NTLM

Sicra helps organizations implement best practices to improve their security posture and address future challenges.

With assistance, the attack surface can be reduced and the following NTLM weaknesses managed:

  • NTLM lacks mutual authentication: only the client proves its identity; the server proves nothing. A client can therefore be lured into authenticating to an attacker's machine, which relays the exchange to a real server (NTLM relay). SMB and LDAP signing and channel binding are the countermeasures.
  • Pass-the-hash attacks: the response is computed from the NT hash, not from the password, so an attacker who extracts hashes from memory or from the SAM or NTDS database can use them directly, without cracking the password.
  • Weak cryptography: the NT hash is an unsalted MD4 digest, so dumped hashes and captured NTLMv2 responses can be brute-forced offline at high speed. NTLMv1 is worse still: its DES-based response to a known challenge can be cracked back to the NT hash itself, regardless of password strength.

Related terms:

Authentication, Best practice, Compliance, Cyber Kill Chain, Cybersecurity, Exploit kit, Hacking, SOC (Security Operations Center), Zero-day vulnerability

Sicra © 2024