I've recently consulted one company about #NTLM-family protocols. They had various monitoring & hardening questions.
So, I decided to post some of their questions with the answers:
1. The LM protocol is old and weak - how can we monitor its usage?
1. In general, you can monitor it using the "Package Name" field of 4624/4625 events. But keep in mind that LM is disabled by default starting with Win7/WS2008R2.
So, if you still have some old machines using it, LM is definitely not the biggest problem for you 😵
2. Can we block NTLM protocols on our Firewall?
No. NTLM-family protocols don't have a default transport protocol, so there are no default ports associated with these protocols. The most common transports are SMB, HTTP and SMTP.
Other mechanisms exist for disabling them, see below.
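
The check from answer 1, as an added example that is not part of the original thread: it reads 4624/4625 events exported as XML and reports logons whose "Package Name" value is LM or NTLM V1. It assumes the field appears as `LmPackageName` in the event XML; the sample events, host names and user names are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_EVENT_IDS = {"4624", "4625"}
# Reporting NTLM V1 next to LM is this example's choice, not the thread's.
LEGACY_PACKAGES = {"LM", "NTLM V1"}

# Constructed sample events, trimmed to the fields this check reads.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>{eid}</EventID></System>
  <EventData>
    <Data Name="TargetUserName">{user}</Data>
    <Data Name="LmPackageName">{lm}</Data>
    <Data Name="WorkstationName">{ws}</Data>
  </EventData>
</Event>"""
SAMPLE_EVENTS = [
    TEMPLATE.format(eid=4624, user="alice", lm="-", ws="-"),  # Kerberos logon
    TEMPLATE.format(eid=4624, user="bob", lm="NTLM V2", ws="WS-BOB"),
    TEMPLATE.format(eid=4624, user="svc_scan", lm="LM", ws="OLDPRINT01"),
    TEMPLATE.format(eid=4625, user="carol", lm="NTLM V1", ws="XP-LAB"),
    TEMPLATE.format(eid=4625, user="carol", lm="NTLM V1", ws="XP-LAB"),
]

def parse_logon(xml_text):
    """Return the fields of a 4624/4625 event, or None for any other event."""
    root = ET.fromstring(xml_text)
    event_id = root.findtext("e:System/e:EventID", namespaces=NS)
    if event_id not in LOGON_EVENT_IDS:
        return None
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    return {"event_id": int(event_id),
            "user": data.get("TargetUserName", ""),
            "package": data.get("LmPackageName", "-"),  # "-" when not NTLM
            "workstation": data.get("WorkstationName", "")}

def legacy_logons(events):
    """Keep successful (4624) and failed (4625) logons that used LM or NTLM V1."""
    records = (parse_logon(e) for e in events)
    return [r for r in records if r and r["package"].upper() in LEGACY_PACKAGES]

def hosts_to_fix(hits):
    """Count legacy logons per (workstation, package) to rank hosts for cleanup."""
    return Counter((h["workstation"], h["package"]) for h in hits)

if __name__ == "__main__":
    for (host, package), count in hosts_to_fix(legacy_logons(SAMPLE_EVENTS)).most_common():
        print(f"{host}: {count} logon(s) with {package}")
```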