Nightmare on NTLM street: Legacy’s Revenge — Marina Bochenkova

Event: hack.lu 2025

Duration: 30 min

Type: Talk

Speakers: Marina Bochenkova

Abstract

We know the world runs on legacy. We know it’s not supposed to. But when vendors or LinkedInfluencers command us to phase out old systems and protocols, it sometimes seems like their expectation-versus-reality connection is faulty.

This talk will walk you through the ~adventure~ of disabling a recently-deprecated Microsoft authentication protocol with numerous security problems: NTLM.

For decision-makers, this is an opportunity to better understand the struggles of on-the-ground IT and security teams trying to bring outdated systems in line with industry standards. For IT and information security peers, this presentation will share valuable resources and “lessons learned” for successfully phasing out NTLM (and similar thorns-in-sides) within their own organizations.

Description

Microsoft introduced NT Lan Manager in 1993 as a replacement for LANMAN, born in 1987. Just seven years later, they announced Kerberos as the default replacement for NTLM and instructed companies to stop using it. No one did. In June 2024, Microsoft announced the deprecation of the entire NTLM authentication protocol family, and has even removed older versions of the protocol from newer OS versions.

Why is this legacy protocol still so widely used, 24 years after it stopped being the default? The answer is a combination of factors, some of which this talk will explore:

  • corporate communication and decision-making
  • application development lagging behind security standards
  • flaws in the replacement protocol
  • underfunded, understaffed, and overwhelmed IT teams

Drawing on the speaker's experience completing this project in the IT environment of a mid-sized enterprise, this presentation will also discuss resources and lessons learned that could help get the job done elsewhere. It will further illustrate to those outside the field why IT and security are critical business functions, not cost centers.


Video available