meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

Tuesday, November 14, 2006

Windows Tip: Are cached credentials secure?

By Mitch Tulloch, MTIT Enterprises

A reader recently contacted me concerning a previous tip Troubleshooting Cached Logons where I shared a script that could be used to query your event logs to determine whether your machine is currently logged on using cached credentials. When you try to log onto your domain and your Windows XP computer can't contact a domain controller, your computer uses cached credentials to authenticate. These credentials are cached locally on your machine from a previous successful domain authentication, and are designed to enable you to log onto domain members when domain controllers are unavailable.

The reader told me that he heard from "some security experts" that storing domain credentials locally on client machines like this poses a security vulnerability since anyone who can gain access to your computer can run a password cracker against these stored credentials and extract your domain username and password from them. But how serious a vulnerability is this? To find the answer, I cracked open one of my all-time favorite books, Protect Your Windows Network: From Perimeter To Data by Jesper M. Johansson and Steve Riley.

Read the full article here.

0 Comments:

Post a Comment

<< Home