by jiggawatts
975 days ago
You admit yourself that the defaults are bad. Because the defaults are bad, vendors have the ability to ship products that are insecure but will still work on a default / typical network. Administrators have to make risky changes with complex monitoring systems in place to tighten the security to a reasonable level. The larger the network the harder this is, to the point where it becomes impossible because there are too many incompatible devices. This is the criticism of the protocol: it leads to a pit of failure from which each customer has to dig their own way out.

I'm also not going to respond to a non-expert's plea for information with unnecessary minutiae like the differences between LM, NT, and NTLM hashes or the differences between NTLMv1/v2 and NetNTLM. My omissions were intentional because I'm trying to make my comment approachable.

In a default, non-hardened Windows environment, NTLM is a nightmare. Yes, it can be secured. No, it is not straightforward.
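The "risky changes with monitoring in place" workflow the comment describes, as an added example that is not part of the comment above or of any vendor documentation: a PowerShell script that compares a host's NTLM-related registry settings against a hardened baseline and then counts the NTLM audit events that tell you what will break before you switch from "audit" to "deny". The registry paths, value names and event IDs are the documented ones; the target values in `$Baseline` are my assumed hardened baseline (NTLMv2-only at level 5, 128-bit NTLMv2 session security, audit and then deny NTLM traffic), not Windows defaults, and a value that is not set at all is reported as the OS default rather than guessed.

```powershell
# Added example, not code from the comment above. Audits NTLM posture on the local
# host against an assumed hardened baseline and summarises NTLM audit events.
# Run in an elevated PowerShell session so the operational log is readable.

$Lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Assumed hardened targets (my baseline, not vendor defaults). Missing values mean the
# OS default applies, which is the "insecure but works on a typical network" state.
$Baseline = @(
    @{ Path=$Lsa; Name='LmCompatibilityLevel';         Want=5;          Note='Send NTLMv2 only; refuse LM and NTLMv1' },
    @{ Path=$Lsa; Name='NoLMHash';                     Want=1;          Note='Do not store LM hashes on password change' },
    @{ Path=$Msv; Name='NtlmMinClientSec';             Want=0x20080000; Note='Require NTLMv2 session security and 128-bit (outbound)' },
    @{ Path=$Msv; Name='NtlmMinServerSec';             Want=0x20080000; Note='Require NTLMv2 session security and 128-bit (inbound)' },
    @{ Path=$Msv; Name='AuditReceivingNTLMTraffic';    Want=2;          Note='0=off 1=domain accounts 2=all accounts; turn on before blocking' },
    @{ Path=$Msv; Name='RestrictSendingNTLMTraffic';   Want=2;          Note='0=allow 1=audit 2=deny outbound NTLM' },
    @{ Path=$Msv; Name='RestrictReceivingNTLMTraffic'; Want=2;          Note='0=allow 1=audit 2=deny inbound NTLM' }
)

function Get-NtlmPosture {
    # One row per baseline setting: current value, target, and OK/WEAK verdict.
    foreach ($s in $Baseline) {
        $item = Get-ItemProperty -Path $s.Path -Name $s.Name -ErrorAction SilentlyContinue
        $have = if ($null -ne $item) { $item.($s.Name) } else { $null }
        [pscustomobject]@{
            Setting = $s.Name
            Current = if ($null -eq $have) { '(not set / OS default)' } else { $have }
            Target  = $s.Want
            Status  = if ($have -eq $s.Want) { 'OK' } else { 'WEAK' }
            Note    = $s.Note
        }
    }
}

function Get-NtlmAuditSummary {
    param([int]$Hours = 24)
    # Once auditing is enabled, Microsoft-Windows-NTLM/Operational records events
    # 8001 (outbound NTLM), 8002 (inbound NTLM), 8003/8004 (NTLM seen or blocked at
    # a domain controller). Their messages name the process, target and account,
    # which is the inventory of devices that will break when audit becomes deny.
    $filter = @{
        LogName   = 'Microsoft-Windows-NTLM/Operational'
        Id        = 8001, 8002, 8003, 8004
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Group-Object -Property Id |
        Select-Object @{Name='EventId'; Expression={$_.Name}}, Count
}

Get-NtlmPosture | Format-Table -AutoSize
Get-NtlmAuditSummary -Hours 24 | Format-Table -AutoSize
```

The intended order of operations is the one the comment alludes to: raise the audit settings first, leave the restrict settings at audit (1) for long enough to see a representative week of 8001/8002 events, fix or replace the devices those events point at, and only then move to deny (2). The script makes that visible as a WEAK/OK table plus an event count, so a rollout can be judged per host rather than by flipping a domain-wide policy and waiting for the helpdesk calls.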