RE: LM and NTLM Hashes
From: Roger A. Grimes (roger_at_banneretcs.com)
Date: 09/09/05
- Previous message: Mike MacNeill: "RE: Hardening Tap7G servers"
- Maybe in reply to: Flavio Braga: "LM and NTLM Hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 8 Sep 2005 18:17:21 -0400 To: "Flavio Braga" <flaviobs@uol.com.br>, <security-basics@securityfocus.com>
Telnet, Pop3, and FTP all send clear-text passwords by default. If
you're using Outlook or OE with Exchange, you can enable SPA (Secure
Protected Authentication..or something like that) in both the client and
server. If it is another combination, then you can use IPSec, SSL, or
something like that to encrypt communications.
Roger
************************************************************************
***
*Roger A. Grimes, InfoWorld, Security Columnist
*CPA, CISSP, MCSE: Security (2000/2003/MVP), TICSA, CEH, CHFI
*email: roger_grimes@infoworld.com or roger@banneretcs.com
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****
-----Original Message-----
From: Flavio Braga [mailto:flaviobs@uol.com.br]
Sent: Tuesday, September 06, 2005 12:56 PM
To: security-basics@securityfocus.com
Subject: LM and NTLM Hashes
I saw that pop3 clients send passwords in text mode. Is there any way to
protect passwords from email clients? Or the users have to access emails
from webmails?
- Previous message: Mike MacNeill: "RE: Hardening Tap7G servers"
- Maybe in reply to: Flavio Braga: "LM and NTLM Hashes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
