by MPSimmons
1450 days ago
> Also seems prudent to get rid of passwords and move to Kerberos and SSH keys + 2FA. Anything else I'm missing?

This is a good path to go down anyway, despite the fact that Kerberos, for instance, is totally susceptible to 'pass the hash'[1] type attacks.

Concentrate on things like Yubikey-based authentication. You can do SAML/OIDC2/mTLS and SSH with Yubikeys. Eliminate passwords.

[1] - https://www.beyondtrust.com/resources/glossary/pass-the-hash...