Ensure that the underlying Internet Information Services (IIS) Authentication module is set to use Kerberos as its Auth Provider

Details

Kerberos is a ticket-based protocol that is more secure than NTLM. In this scheme, a user provides a valid user name and password to an authentication server. Then, the authentication server grants the user a ticket. The ticket can be used on the network to request network resources.

Rationale:

The NTLM protocol has a number of vulnerabilities where a malicious attacker can use a pass-the-hash attack to gain access to user credentials. The Kerberos protocol is a more secure protocol based on a ticketing system and is recommended.

Solution

Navigate to the Inetpub\Adminscripts folder using a Command Prompt window on the server that is running IIS:

1. Enter the command cd Drive:\inetpub\adminscripts in the command prompt window.
   Note: In this command, Drive is the drive where Microsoft Windows is installed.
2. Enter the command cscript adsutil.vbs get w3svc/##/root/NTAuthenticationProviders in the command prompt window.
   Note: In this command, ## is the virtual server ID number. The virtual server ID number of the Default Web site in IIS is 1.
3. Enter the command cscript adsutil.vbs set w3svc/##/root/NTAuthenticationProviders Negotiate,NTLM in the command prompt window.
   Note: In this command, ## is the virtual server ID number.
4. Enter the command iisreset in the command prompt window to reset IIS.

Impact:

A malicious attacker could exploit vulnerabilities in old NTLM protocols and gain access to user and administrative credentials.

Default Value:

NTLM
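
An added example, not part of the benchmark text: a PowerShell script that runs the read-only query from step 2 for each site ID and reports whether Negotiate is listed first. The parameter names, the function names, and the adsutil.vbs output line format shown in the first comment are assumptions of this example; the sample lines used by -SelfTest are constructed.

```powershell
# Added example (not from the benchmark). Assumed adsutil.vbs output format:
#   NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"
param(
    [string]$AdminScripts = "$env:SystemDrive\inetpub\adminscripts",
    [int[]]$SiteId = @(1),      # 1 = Default Web Site
    [switch]$SelfTest           # parse constructed sample lines instead of calling adsutil.vbs
)

function ConvertFrom-AdsutilProviders {
    # Returns the provider names in order, or an empty array if the value is not set.
    param([string[]]$Output)
    foreach ($line in $Output) {
        if ($line -match 'NTAuthenticationProviders\s*:\s*\(STRING\)\s*"([^"]*)"') {
            $names = $Matches[1].Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
            return ,@($names)
        }
    }
    return ,@()
}

function New-ProviderReport {
    # Builds one result row per site from the raw adsutil.vbs output lines.
    param([int]$Id, [string[]]$Output)
    $providers = ConvertFrom-AdsutilProviders -Output $Output
    [pscustomobject]@{
        SiteId         = $Id
        Providers      = $providers -join ','
        NegotiateFirst = ($providers.Count -gt 0 -and $providers[0] -eq 'Negotiate')
        NtlmListed     = ($providers -contains 'NTLM')
    }
}

if ($SelfTest) {
    # Constructed sample lines, one per hypothetical site ID.
    New-ProviderReport -Id 1 -Output 'NTAuthenticationProviders       : (STRING) "NTLM"'
    New-ProviderReport -Id 2 -Output 'NTAuthenticationProviders       : (STRING) "Negotiate,NTLM"'
    return
}

$adsutil = Join-Path $AdminScripts 'adsutil.vbs'
foreach ($id in $SiteId) {
    # Read-only query, same as step 2 of the procedure.
    $raw = & cscript.exe //nologo $adsutil get "w3svc/$id/root/NTAuthenticationProviders" 2>&1
    New-ProviderReport -Id $id -Output ($raw | ForEach-Object { "$_" })
}
```

The value Negotiate,NTLM set in step 3 keeps NTLM available as a fallback when Kerberos cannot be negotiated, so NtlmListed remains true after remediation.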

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Windows.

Updated on July 16, 2022