NTLM (NT LAN Manager) is a Microsoft challenge-response authentication protocol that is also used in non-human identity management, where service accounts and automated processes authenticate to network resources.
Description
NTLM is a challenge-response authentication protocol developed by Microsoft so that entities can authenticate over a network without sending their password. It is primarily used in environments that are not fully integrated into Active Directory. Although NTLM is considered less secure than newer protocols such as Kerberos, it is still widely used by legacy systems and applications that require backward compatibility.

In non-human identity management, NTLM can authenticate communication between services and applications with no human user directly involved, such as service accounts or automated processes. The protocol works by deriving a hash from the account's password and using that hash to answer a challenge issued by the server; only the computed response crosses the network, so the plaintext password is never exposed.

Despite its weaknesses, NTLM remains relevant where older systems are in place, and organizations may have to manage these identities without extensive upgrades. Security best practice is to use NTLM only when necessary and to transition to more secure protocols where feasible.
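The challenge-response computation described above, written out for NTLMv2 on both the client and the server side. This is an added example for this entry, not code from Microsoft or from any NTLM implementation; the NT hash, user name and domain are constructed sample values, and the AV_PAIR target information is left empty for brevity.

```python
import hmac
import hashlib
import os
import struct
import time

# Constructed sample secret. In a real deployment this is the NT hash,
# MD4(UTF-16LE(password)), held by the domain controller or the local SAM;
# hashlib.new("md4") computes it where OpenSSL's legacy provider is enabled.
NT_HASH = bytes.fromhex("0cb6948805f797bf2a82807973b89537")
USER, DOMAIN = "svc_backup", "CORP"  # constructed service-account identity


def ntowf_v2(nt_hash: bytes, user: str, domain: str) -> bytes:
    """NTOWFv2: per-user key from the NT hash, upper-cased user name and domain."""
    return hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()


def client_response(nt_hash: bytes, user: str, domain: str, server_challenge: bytes,
                    client_challenge: bytes, filetime: int) -> bytes:
    """Client side: NtChallengeResponse = NTProofStr || temp (MS-NLMP 3.3.2)."""
    # temp blob: version bytes, reserved, FILETIME, client nonce, reserved,
    # AV_PAIR list (empty here: only the MsvAvEOL terminator), reserved.
    temp = (b"\x01\x01" + b"\x00" * 6 + struct.pack("<Q", filetime) + client_challenge
            + b"\x00" * 4 + b"\x00" * 4 + b"\x00" * 4)
    key = ntowf_v2(nt_hash, user, domain)
    nt_proof = hmac.new(key, server_challenge + temp, hashlib.md5).digest()
    return nt_proof + temp


def server_verify(stored_nt_hash: bytes, user: str, domain: str, issued_challenge: bytes,
                  nt_challenge_response: bytes) -> bool:
    """Server side: recompute NTProofStr from the stored hash and the challenge it issued.
    The server never needs the password, only the hash, which is why the NT hash
    must be protected as a password-equivalent secret."""
    nt_proof, temp = nt_challenge_response[:16], nt_challenge_response[16:]
    key = ntowf_v2(stored_nt_hash, user, domain)
    expected = hmac.new(key, issued_challenge + temp, hashlib.md5).digest()
    return hmac.compare_digest(nt_proof, expected)


def run_exchange(server_challenge=None):
    """One constructed challenge/response round; returns (challenge, response)."""
    challenge = server_challenge or os.urandom(8)
    filetime = int((time.time() + 11644473600) * 10_000_000)  # 100 ns units since 1601
    response = client_response(NT_HASH, USER, DOMAIN, challenge, os.urandom(8), filetime)
    return challenge, response


if __name__ == "__main__":
    ch, resp = run_exchange()
    print("verified:", server_verify(NT_HASH, USER, DOMAIN, ch, resp))
```

Because the response is bound to the server's challenge, a response recorded under one challenge does not verify under a fresh one, which is the property a simple replay would need.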
Examples
- Service accounts in legacy applications using NTLM for authentication.
- Automated scripts or services that access network resources via NTLM.
Additional Information
- NTLM is susceptible to various types of attacks, including relay and brute-force attacks.
- Organizations are encouraged to transition to Kerberos for improved security whenever possible.