MS-10-P1 Security Policies Flashcards
Windows systems use this technology including older legacy protocols and services
Legacy Technologies
Used when DNS cannot provide name resolution; uses multicast
LLMNR
Used when LLMNR cannot provide name resolution. Uses broadcasts, whereby each computer can respond
NetBIOS
A hacker listens to LLMNR and NetBIOS traffic, waits for a mistyped UNC path, forges a response to the query, accepts the NTLM hash authentication, and cracks the hash
LLMNR/NetBIOS poisoning
MITM poisoning - impersonate a file server - relay access request from a client - relay authentication request from server - accept NTLM hash to crack
SMB (Server Message Block) Relay
Providing a digital signature for packets
SMB signing
Everything is encrypted
Zero Trust
Is the process of applying tight security policies that reduce the attack surface.
Network Operation Hardening
Windows systems use many technologies, including older legacy protocols and services that can be exploited by attackers to gain access to critical assets in the environment. Some of these technologies, when not in use, should be disabled to reduce the attack surface and narrow the options available to attackers.
Legacy Technologies
The Link-Local Multicast Name Resolution (LLMNR) protocol is an alternative method for host resolution in a Windows environment. It is based on the DNS packet format and allows hosts on the same local link (subnet) to perform name resolution for other hosts.
Disabling LLMNR
By default, LLMNR is turned on and can be turned off through the group policy "Turn off Multicast Name Resolution".
Disabling LLMNR
to what extent user and system actions and activities can be logged on a local machine.
Audit Policies
is a client-server authentication protocol used by default in a Windows-based environment.
Kerberos Authentication