Windows Authentication

Question 1

Define SAM

Answer 1

Security Accounts Manager database where user account information is stored

Question 2

SAM Locations

Answer 2

Computer\HKEY_LOCAL_MACHINE\SAM\SAM

C:\WIndows\System32\config\SAM

Question 3

Define NTLM

Answer 3

NT LAN Manager

Question 4

Explain the NTLM Process

Answer 4

1. User shares their username, password and domain name with the client.
2. Client develops a hash — and deletes the full password.
3. Client passes a plain text version of the username to the relevant server.
4. Server replies to the client with a challenge, which is a 16-byte random number.
5. Client sends the challenge encrypted by the hash of the user’s password.
6. Server then sends the challenge, response and username to the domain controller (DC).
7. DC retrieves the user’s password from the database and uses it to encrypt the challenge.
8. DC then compares the encrypted challenge and client response. If these two pieces match, then the user is authenticated and access is granted.

Question 5

Explain the Kerberos Process

Answer 5

1. User/client generates authenticator with timestamp encrypted with user password
2. Client sends authenticator to KDC
3. KDC looks up user, checks timestamp, decrypts authenticator
4. KDC responds with timestamped TGT
5. Client decrypts TGT with password
6. Client requests server access to KDC
7. KDC updates TGT with access to server
8. Client gains access to server with updated TGT

Question 6

Define TGT

Answer 6

Ticket Granting Ticket