Microsoft has published a script that enables organizations to reset the password of the so-called krbtgt account, what should prevent attackers with a stolen krbtgt account access to confidential data on the network. These researchers would focus increasingly on developing methods to attack the Kerberos authentication.
Kerberos is a standard authentication protocol that allows users to log on securely to the network and to prove their identity, without having to log in each time. Kerberos authentication works by assigning a ticket to a logged-in user. These tickets are encrypted with a symmetric key that is derived from the password of the server where the user logs on.
To request a session ticket must have a special ticket called the Ticket Granting Ticket (TGT), be presented to the Kerberos service. The TGT is as said encrypted with a key derived from the password of the krbtgt account, which is known only by the Kerberos service. A stolen account password can also have serious consequences, because an attacker this if other users can occur and thus gain access to sensitive data.
One way to reduce the risk of an attacker used a compromised krbtgt key to falsify user ticket is periodically reset the krbtgt account password. By doing this regularly to the useful life of the krbtgt keys is limited in case an attacker is able to access them. Microsoft now has a script and its advice is made available to reset the password regularly.
"It is important to remember that resetting krbtgt is only one part of a recovery strategy alone will not prevent a previously successful attacker unauthorized access in the future to get a hacked environment," said Microsoft Tim Rains. He advises organizations therefore to draw up a comprehensive recovery plan.
No comments:
Post a Comment