Win2k home network shared directory authentication

Dooling37

Senior member
I've got 3 computers running Windows 2000 Pro on my home network with multiple shared directories. I allow only admin access to these directories -- however, I'm concerned about passing my admin password for authentication as all traffic is passed over my wireless network, using WEP encryption. In the event that someone were capturing my traffic, able to crack the WEP key, and decrypt the traffic, would they then be able to view my admin passwords? Or is SMB authentication further encrypted?
From what I gather, NTLM encryption is used for authentication in Active Directory environments, but I don't think this is the case on a home network with just a couple Win2k Pro hosts.

?

Thanks a lot for your thoughts..


(here's what I've found about AD environment authentication:)
---------------------------------------------------------------------------------------------------
MS Windows clients may use encrypted passwords as part of a challenge/response authentication model (a.k.a. NTLMv1 and NTLMv2) or alone, or clear-text strings for simple password-based authentication. It should be realized that with the SMB protocol, the password is passed over the network either in plain-text or encrypted, but not both in the same authentication request.

When encrypted passwords are used, a password that has been entered by the user is encrypted in two ways:

* An MD4 hash of the unicode of the password string. This is known as the NT hash.
* The password is converted to upper case, and then padded or truncated to 14 bytes. This string is then appended with 5 bytes of NULL characters and split to form two 56-bit DES keys to encrypt a "magic" 8-byte value. The resulting 16 bytes form the LanMan hash.

MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x and version 4.0 pre-service pack 3 will use either mode of password authentication. All versions of MS Windows that follow these versions no longer support plain text passwords by default.
---------------------------------------------------------------------------------------------------
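
The LanMan key preparation described in the quoted text above, as an added Python example that is not part of the original post or of any Windows or Samba code. It covers only the upper-casing, 14-byte and two-key steps (the DES encryption of the magic value is left out), and it shows what that preparation throws away. The function names and the sample passwords are constructed for illustration, and ASCII-only input is assumed.

```python
"""Added illustration: key preparation for the LanMan hash (DES step omitted)."""

def lm_key_halves(password: str) -> tuple[bytes, bytes]:
    # Assumption: ASCII-only password; real Windows uses the OEM code page.
    raw = password.upper().encode("ascii", errors="replace")
    raw = raw[:14].ljust(14, b"\x00")      # truncate or NUL-pad to 14 bytes
    return raw[:7], raw[7:]                # two independent 7-byte halves

def expand_des_key(seven: bytes) -> bytes:
    """Spread 56 key bits over 8 bytes: 7 key bits plus an odd-parity bit each."""
    bits = int.from_bytes(seven, "big")
    out = bytearray()
    for i in range(8):
        byte = ((bits >> (49 - 7 * i)) & 0x7F) << 1
        if bin(byte).count("1") % 2 == 0:  # set the low bit to make parity odd
            byte |= 1
        out.append(byte)
    return bytes(out)

def lm_findings(password: str) -> list[str]:
    """Information the LanMan preparation discards for this password."""
    findings = []
    if password != password.upper():
        findings.append("case folded to upper")
    if len(password) > 14:
        findings.append("truncated to 14 characters")
    if len(password) <= 7:
        findings.append("second DES key is all NUL")
    return findings

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for pw in ("Summer2004", "secret", "a-much-longer-passphrase"):
        first, second = lm_key_halves(pw)
        print(pw, expand_des_key(first).hex(), expand_des_key(second).hex(),
              lm_findings(pw))
```

Because each 7-byte half is processed on its own, the LanMan hash protects a password no better than its weaker half, which is why storing and sending it is normally disabled in favour of NTLMv2 or Kerberos.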
 
Wireless networks are inherently insecure. I don't know anything about how Windows 2000 passes passwords, but I know that WEP, WPA, etc etc all can be defeated fairly easily. If any traffic is passing that you don't want to have possibly picked up and read, don't use wireless.

And you are correct, Active Directory is not what you do when you have just a couple of Win2k boxes that are sharing folders.

If you really want to know for 100% certainty, just d/l a network packet sniffer and sniff the packets you are sending when you put your password in. See what it looks like.

I think Ethereal is one if I remember correctly.
 
I think 2000 is cleartext by default. I think XP is encrypted. Not 100% though. I believe there are options in the Windows management window to turn on/off the encryption.
 
TBH, if you do the basic wireless security, most "hackers" won't bother. 128 WEP, SSID off, MAC Authentication, no DHCP on the wireless aren't too hard to crack, but they are lots harder than your neighbor, who is screaming "linksys" at the wireless world. 😛

If your data is that important (i.e. work type, gov't type) then upgrade to a decent wireless environment, like Cisco 1200 APs, EAP-TLS Authentication, WPA2 encryption, 30 second Broadcast Key Rotation and reauthentication make it a pretty mean cookie to crack.
 
From what I gather, NTLM encryption is used for authentication in Active Directory environments

Semi-off topic, but you gather incorrectly. Unless you have clients running an OS before Windows 2000, they will authenticate using Kerberos. Also NTLM is an authentication protocol, not an encryption scheme. It uses encryption, but that is not the same thing.
 
Folks,
thanks for the replies. I realize that WEP isn't strong encryption. However, as nweaver points out, I'm relying on the concept of "low-hanging fruit", in other words -- I think I've made my network a lot less attractive to leech / eavesdrop on than my neighbors, through some other measures.
However, as a matter of principle, I would not want my Windows admin passwords being passed across the network without any additional encryption (OS-level encryption) on top of the WEP. So that is essentially my question -- is there any OS-level encryption for the shared directory authentication?

STaSh, thanks for the clarification. However, my home Win2k Pro network would not authenticate for shared directories with Kerberos unless there was an Active Directory DC in the mix, right?
 
However, my home Win2k Pro network would not authenticate for shared directories with Kerberos unless there was an Active Directory DC in the mix, right?

That's right.
 