This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] is a [Microsoft Active Directory] setting in the [Windows registry] on [Domain Controllers] that indicates the [policy] for "[LDAP Signing]".
[Microsoft] provides it in order to prevent [Man-In-The-Middle] ([MiTM]) [Replay attacks], which become possible when [DUA] ([clients]) perform [Bind Requests] without [integrity] of the [LDAP Message]. Such binds are either:
* A SASL ([Negotiate SSP], [Kerberos], [NTLM], or [Digest SSP]) [LDAP] [Bind Request] that did not request signing (LDAPServerIntegrity), or
* An [LDAP] [Simple Authentication] [Bind Request] that was performed on a [cleartext] (non-[SSL]/[TLS]-encrypted) connection
!! Configuring [Domain Controllers] for [LDAP Signing]
You can use a [Windows registry] key or a [Group Policy Object] ([GPO]) to configure [Domain Controllers] for [LDAP Signing].
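
The following is an added example, not part of the original page or of the scripts it links to: a PowerShell audit to run elevated on a Domain Controller before requiring signing. It reports the current LDAPServerIntegrity value and groups recent insecure binds by client and by the two bind categories listed in the Overview. Assumptions: the value lives under the NTDS Parameters key with 1 = None and 2 = Require signing, per-bind events are logged as Event ID 2889 in the Directory Service log once "16 LDAP Interface Events" is set to 2 or higher, and the 2889 data fields are client IP:port, identity, binding type (0 = unsigned SASL, 1 = simple bind). The function names are hypothetical.

```powershell
# Added example: audit LDAP signing policy and insecure binds on a DC.
$Ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS'

function Get-LdapSigningPolicy {
    # Assumed mapping: 1 = None, 2 = Require signing; anything else is reported raw.
    $p = Get-ItemProperty -Path "$Ntds\Parameters" -Name 'LDAPServerIntegrity' -ErrorAction SilentlyContinue
    $d = Get-ItemProperty -Path "$Ntds\Diagnostics" -Name '16 LDAP Interface Events' -ErrorAction SilentlyContinue
    if (-not $p)                          { $state = 'Not set' }
    elseif ($p.LDAPServerIntegrity -eq 2) { $state = 'Require signing' }
    elseif ($p.LDAPServerIntegrity -eq 1) { $state = 'None (signing not required)' }
    else                                  { $state = 'Unrecognised value' }
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        LDAPServerIntegrity = if ($p) { $p.LDAPServerIntegrity } else { $null }
        Policy              = $state
        # Per-bind 2889 events are only written when this level is 2 or higher.
        LdapInterfaceDiag   = if ($d) { $d.'16 LDAP Interface Events' } else { 0 }
    }
}

function Get-InsecureLdapBindSummary {
    param([int]$Hours = 24)
    $filter = @{ LogName = 'Directory Service'; Id = 2889; StartTime = (Get-Date).AddHours(-$Hours) }
    # Pipe directly so that "no events found" yields an empty result, not a null item.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Assumed field order: [0] client IP:port, [1] identity, [2] binding type.
        $bindType = switch ([int]$_.Properties[2].Value) {
            0       { 'SASL bind without signing' }
            1       { 'Simple bind on cleartext connection' }
            default { 'Unknown' }
        }
        [pscustomobject]@{
            ClientIP = ($_.Properties[0].Value -replace ':\d+$', '')  # drop source port
            Identity = $_.Properties[1].Value
            BindType = $bindType
        }
    } | Group-Object ClientIP, Identity, BindType |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-LdapSigningPolicy
Get-InsecureLdapBindSummary -Hours 24 | Format-Table -AutoSize
```

An empty summary only means no offending clients were seen if LdapInterfaceDiag was already 2 or higher for the whole period examined.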
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Event ID 2886 — LDAP signing|https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941856(v=ws.10)?redirectedfrom=MSDN|target='_blank'] - based on information obtained 2020-01-18
* [#2] - [LDAP signing|https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd941832(v=ws.10)?redirectedfrom=MSDN|target='_blank'] - based on information obtained 2020-01-18
* [#3] - [Identifying Clear Text LDAP binds to your DC's|https://docs.microsoft.com/en-us/archive/blogs/russellt/identifying-clear-text-ldap-binds-to-your-dcs|target='_blank'] - based on information obtained 2020-01-18
* [#4] - [Query-InsecureLDAPBinds.ps1|https://github.com/russelltomkins/Active-Directory/blob/master/Query-InsecureLDAPBinds.ps1|target='_blank'] - based on information obtained 2020-01-18
* [#5] - [LDAP Signing Events Custom View.xml|https://github.com/russelltomkins/Active-Directory/blob/master/LDAP%20Signing%20Events%20Custom%20View.xml|target='_blank'] - based on information obtained 2020-01-18