1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Windows 11 now has much better protection against brute-force att

    From TechnologyDaily@1337:1/100 to All on Thu Sep 22 18:15:04 2022
    Windows 11 now has much better protection against brute-force attacks

    Date:
    Thu, 22 Sep 2022 17:06:53 +0000

    Description:
    New Windows 11 update means it will take a lot more time to try out numerous combinations, making attacks less effective

    FULL STORY ======================================================================

    Microsofts SMB server service on Windows 11 has been given an update aimed at making it better at defending against brute-force attacks.

    In the operating systems latest Windows 11 2022 update , the Insider Preview Build 25206, recently pushed to the Dev Channel, SMB authentication rate limiter is enabled by default.

    Whats more, a couple of other settings have been tweaked to make these
    attacks less effective. Unattractive target

    "With the release of Windows 11 Insider Preview Build 25206 Dev Channel
    today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication," Ned Pyle, Principal Program Manager in the Microsoft Windows Server engineering group, said in a blog post
    announcing the news.

    "This means if an attacker previously sent 300 brute force attempts per
    second from a client for 5 minutes (90,000 passwords ), the same number of attempts would now take 50 hours at a minimum."

    In other words, by toggling the feature on, there is a delay between each unsuccessful NTLM authentication attempt, making the SMB server service more resilient to brute-force attacks.

    "The goal here is to make a Windows client an unattractive target either when in a workgroup or for its local accounts when joined to a domain,"
    Microsoft's Amanda Langowski and Brandon LeBlanc chimed in.

    The authentication rate limiter, which is not enabled by default, was first introduced to Windows Server, Windows Server Azure Edition, and Windows 11 Insider builds, some six months ago. The SMB server, on the other hand, does launch automatically on all versions. It needs to be exposed to the internet, though, by manually opening a firewall. Read more

    Brute-force attacks targeting MSSQL servers, Microsoft warns


    Microsoft sounds the alarm over new wave of password spraying attacks


    These are the best firewalls right now

    Those interested in trying out the new feature need to run this PowerShell command:

    Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n

    "This behavior change has no effect on Kerberos, which authenticates before
    an application protocol like SMB connects. It is designed to be another layer of defense in depth, especially for devices not joined to domains such as
    home users," Pyle also said These are the best endpoint protection services right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/windows-11-now-has-much-better-protection-again st-brute-force-attacks/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)