This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
xiro
Contributor
‎2021-07-21 12:26 AM

CP disable NTLMv1

Hi,

I'm a bit confused about CPs use of NTLMv1.
Our Windows admins contacted us, beause they'd like to disable NTLMv1 on the DCs out of security concerns. Prior that, they did a check of the logs and they see NTLMv1 logs generated by our CP gateways. They asked us if it is possible to use NTLMv2 and disable v1..

We have AD Query in use, we have a MGMT on R81 and GWs on 80.40. 
A few months ago I already checked the NTLM setting on the MGMT via "adlog a", and "Use NTLMv2" is checked properly. (sk91462)

Despite that, the admins told us that they still see NTLMv1 logs originating from CP.

 

Does someone know if there is any other setting that needs to be changed in order to disable NTLMv1 completely?

 

Thx

0 Kudos
1 Reply
_Val_
Admin
Admin
‎2021-07-21 02:57 AM

If you did what sk91462 describes, the next step is to configure DC to reject NTMLv1. AFAIK, even if the GW is set to use v2, it still tries v1 before anything else. I would recommend to run lab tests before making a production change

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events