
Baseline checking and reinforcing method and system aiming at NTLM protocol attack

A protocol and baseline technology, applied in the field of baseline inspection and hardening, which can solve the problems of low security of NTLMv1

Active Publication Date: 2021-12-10
XIAN HUMEN NETWORK TECH CO LTD +1

AI Technical Summary

Problems solved by technology

With current technology, an NTLM hash can be cracked from a NetNTLMv1 exchange within 24 hours. NTLMv1 offers low security, so where conditions permit, NTLMv2 should be the default for identity authentication.


Examples


Specific embodiments

[0035] It should be noted that the structures, proportions, sizes, etc. shown in this specification are only used to accompany the content disclosed in the specification, for the understanding and reading of those familiar with this technology, and are not used to limit the conditions under which the present invention can be implemented. Any modification of structure, change of proportional relationship or adjustment of size shall still fall within the scope covered by the technical content disclosed in the present invention, provided it does not affect the effect and purpose of the present invention.

[0036] At the same time, terms such as "upper", "lower", "left", "right", "middle" and "one" quoted in this specification are only for convenience of description and are not used to limit the practicable scope of the invention; changes or adjustments of their relative relationships shall also be regarded as within the practicable scope of the present invention without ...

Embodiment 1

[0038] As shown in Figure 1, the method of the baseline inspection and hardening method and system for NTLM protocol attacks includes:

[0039] Retrieve the registry entries related to NTLM protocol security;

[0040] Based on the security-related entries, determine whether each security baseline against NTLM protocol attacks is compliant;

[0041] Select the non-compliant security baselines;

[0042] Perform security hardening on the non-compliant security baselines.

[0043] In Windows, system security policy is configured through the registry. NTLM is an authentication protocol commonly used in Windows systems, but there are various attack methods against NTLM, in particular relay attacks on the NTLM protocol. This method is applied to the Windows operating system to resist and mitigate attacks on the NTLM protocol.

[0044] First, by analyzing the characteristics of the NTLM protocol attack and the weak parts o...

Embodiment 2

[0058] Embodiment 2 applies to the baseline inspection and hardening method and system against NTLM protocol attacks described in Embodiment 1. The meaning and specific configuration of the baseline inspection items involved in this method are as follows:

[0059] The DisableLoopbackCheck value under the registry key HKLM\SYSTEM\CurrentControlSet\Control\Lsa indicates whether the system uses the LSASS Challenge cache to prevent reflection attacks.

[0060] Whether signing is enabled for the SMB service; registry key:

[0061] The EnableSecuritySignature and RequireSecuritySignature values under HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters can effectively prevent NTLM relay attacks over the SMB protocol.

[0062] Whether the LDAP server requires signing; registry key:

[0063] The LDAPServerIntegrity value in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters hive controls the LDAP signing policy. For the ...
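The four steps of Embodiment 1, applied to the three registry items listed in Embodiment 2, as an added example that is not code from the patent. The compliant values, the handling of absent values and keys, and the function names `read_snapshot`, `evaluate` and `hardening_plan` are assumptions of this example; the visible text of the patent does not state them.

```python
# Compliant values below are this example's assumptions, not taken from the patent text.
LSA = r"SYSTEM\CurrentControlSet\Control\Lsa"
SMB = r"SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
NTDS = r"SYSTEM\CurrentControlSet\Services\NTDS\Parameters"

# (key path, value name, compliant DWORD, state assumed when the value is absent)
BASELINE = [
    (LSA, "DisableLoopbackCheck", 0, 0),        # absent: loopback check stays on
    (SMB, "EnableSecuritySignature", 1, None),  # None: absent counts as a finding
    (SMB, "RequireSecuritySignature", 1, None),
    (NTDS, "LDAPServerIntegrity", 2, None),     # 2 = require LDAP signing
]

def read_snapshot():
    """Step 1: read the baseline values from HKLM (Windows only)."""
    import winreg
    snap = {}
    for path, name, _wanted, _default in BASELINE:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
                values = snap.setdefault(path, {})
                values[name] = winreg.QueryValueEx(key, name)[0]
        except FileNotFoundError:
            pass  # key absent: path stays out of snap; value absent: name stays out
    return snap

def evaluate(snapshot):
    """Steps 2 and 3: return non-compliant items as (path, name, current, wanted)."""
    findings = []
    for path, name, wanted, default in BASELINE:
        if path not in snapshot:  # e.g. NTDS on a host that is not a domain controller
            continue
        current = snapshot[path].get(name, default)
        if current != wanted:
            findings.append((path, name, current, wanted))
    return findings

def hardening_plan(findings):
    """Step 4: render each finding as the reg.exe command that sets the compliant value."""
    return [f'reg add "HKLM\\{p}" /v {n} /t REG_DWORD /d {w} /f' for p, n, _, w in findings]

# Constructed sample: a member server with SMB signing enabled but not required.
SAMPLE = {LSA: {"DisableLoopbackCheck": 1},
          SMB: {"EnableSecuritySignature": 1, "RequireSecuritySignature": 0}}
```

On a Windows host, `hardening_plan(evaluate(read_snapshot()))` lists the changes for review before anything is written to the registry.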


Abstract

The invention discloses a baseline checking and hardening method and system for NTLM protocol attacks. The method comprises the following steps: retrieving the items related to NTLM protocol security in the registry; based on the security-related items, judging whether each security baseline for resisting NTLM protocol attacks is compliant; selecting the non-compliant security baselines; and carrying out security hardening on the non-compliant security baselines. In this method, NTLM protocol security baseline check items are designed by analyzing the characteristics of NTLM protocol attacks and the weak parts of the NTLM protocol. The registry is then read to detect, against the defined baseline check items, whether the NTLM protocol policy configuration of the current Windows system is secure. If an insecure check item is found, the NTLM protocol configuration is changed by modifying the registry, which strengthens the system's defense against NTLM protocol attacks.

Description

Technical field

[0001] The invention belongs to the field of baseline inspection and hardening, and in particular relates to a baseline inspection and hardening method and system for NTLM protocol attacks.

Background

[0002] The NTLM protocol is an embedded authentication protocol: it is embedded in network protocols such as LDAP, SMB, HTTP or WebDAV, and is supported by the NTLM Security Support Provider (NTLMSSP).

[0003] NTLM relaying can be achieved if an attacker can listen to network traffic and forward NTLM-authenticated traffic to other hosts. Implementing NTLM relay requires the attacker to be able to receive NTLM authentication requests from other hosts, and the attacker forwards the challenge message to other hosts with credentials to complete identity authentication.

[0004] If it is possible to force a certain host to issue an NTLM authentication request, and then use the Challenge in the host's challeng...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, G06F21/44
CPC: H04L63/1441, H04L69/26, G06F21/44, Y02D30/70
Inventor: 崔艳鹏, 胡建伟, 尹圣超
Owner XIAN HUMEN NETWORK TECH CO LTD