Session Title: Authentication is strange
Abstract: Got 2 factor authentication? Considering it? What if you could walk straight past all that expensive gear and get in with just a password anyway? There are so many standards supported, you may just find you can do more than you thought. This session looks into authentication, how it is protected and passed around. After all, it is only the single most important component of our security architecture. There is plenty of industry discussion on the security of passwords, and plenty on cracking them too. There is however a distinct lack of information and understanding of how authentication is passed between various systems on the network. SQL, IIS, HTTP, Cookies, SMB, RPC's and Kerberos all combine to confuse the matter. Is NTLM secure? What about versions? Is clear text ok? Might sound silly, but you are likely to be suprised. How is authentication relayed between systems? What happens when you aren't on the domain? I'll attempt to answer all this and more as we map out who gets given the keys to the kingdom.
Speaker: Paul Young