Home > Security Tips > Tech Tips > Invalidate LANMan
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

TECH TIPS

Invalidate LANMan


Tom Lancaster
03.25.2003
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   




One of the easiest holes to exploit in Windows security is the LANManager security. LANManager is an incredibly weak security system that was used eons ago, back in the Windows for Workgroups (Windows 3.1) days. And of course, in the interests of backwards compatibility, it has lived on and on through each subsequent version of Windows. If you're interested in security, getting rid of older versions of Windows should really be a priority. This tip contains two ways to prevent LANManager from coming back to haunt you, but they assume you don't have Windows NT or earlier systems in your environment.

First, use long passwords. The hash algorithm in LANManager only worked up to 14 characters, so passwords longer than 14 characters cannot be broken by the simple mechanisms routinely u



sed to crack LANManager passwords.

Second, consider using Unicode in your password. It's fairly common for people to use punctuation marks and other non-standard characters from your keyboard in passwords to make them harder to guess, but Unicode passwords go an extra step, since LANManager doesn't do Unicode. However, they're a little harder to enter. Generally, you can hold the ALT key and type a 4-digit number from the keypad to enter Unicode characters. (Unicode characters are two-bytes and exist generally to support large alphabets.)

About the author
Thomas Alexander Lancaster IV is a consultant and author with over ten years of experience in the networking industry, focused on Internet infrastructure.

For more information, visit these resources:

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Tech Tips,   Application and Platform Security,   Windows Security: Alerts, Updates and Best Practices,   Operating System Security,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Tech Tips
Video: The foundation of an email security strategy
Biometric authentication know-how: Devices, systems and implementation
The 5 A's of functional SAN security
Effective storage security policies
Smart options for safeguarding stored data
Outfox SOX: How to make regulations work for you
Roberta Bragg's 10 Windows hardening tips in 10 minutes
Using free network intrusion detection and prevention tools to stop hacks
Hacker techniques and exploits: Prevent system fingerprinting, probing
How to stop hacker theft: Employee awareness, risk assessment policies

Windows Security: Alerts, Updates and Best Practices
Microsoft to address DirectShow, ActiveX zero-day flaws
New attack code targets Microsoft ActiveX zero-day vulnerability
When BIOS updates become malware attacks
Microsoft patches WebDAV security vulnerability in bevy of updates
Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities
Hackers targeting unpatched Microsoft DirectShow flaw
Microsoft warns of IIS zero-day vulnerability
Microsoft updates Office to address serious PowerPoint vulnerabilities
Microsoft to patch critical PowerPoint zero-day flaw
How to perform Microsoft Baseline Security Analyzer (MBSA) scans

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
BotHunter  (SearchSecurity.com)
principle of least privilege (POLP)  (SearchSecurity.com)
security identifier  (SearchSecurity.com)
trusted computing  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
More Security Resources for Resellers, VARs and OEMs
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts