Child pages
  • April 12, 2013
Skip to end of metadata
Go to start of metadata

AD-Assurance Notes from April 12

David Walker, InCommon/Internet2 
Eric Goodman, UCOP 
Brian Arkills, UWash 
Michael Brogan, UWash
Lee Amenya, UCSD 
Mark Rank, UCSF 
Ann West, InCommon/Internet2

Next Call

April 12 at Noon ET
+1-734-615-7474 PREFERRED
+1-866-411-0013
0195240#

Agenda: NASA Call summary; strategy for next steps. 

Notes

Brian - NTLM v1, verify NTLM v2 - replay,  Kerberos - research

* NTLM v2 does address replay attacks - remove

Lee - 4.2.5.1 and 4.2.5.6 decide whether the past the hash fits under the criteria and is it addressed by what's in the table. 

Eric - Password set events to the domain controller - is it secure and where does it go. Subject to IdP change password. 

Mark - use cases captured and risk analysis for each must be address. 

  • No labels