LDAP Signing

Written by Donald Ross

Lab geek, Pi lover and retro arcade machine builder.

Insights

v

0 Comment(s)

18th March 2020

}
< 1 min read

In Microsoft’s March update for Windows, administrative options have been added in the Registry to improve security for LDAP. Currently by default, the server accepts unsigned Simple Authentication and Security Layer (SASL) LDAP binds and clear-text simple binds.

Allowing these binds can make your network vulnerable as they can be exploited by man-in-the-middle and replay attacks. During an attack a malicious actor can intercept and retransmit packets in order to forge LDAP requests.

Microsoft recommends configuring the LDAP server to reject unsigned binds and simple binds as part of their best practices. This will help secure your network against attacks.

 

Check Out These Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Cyber Security

Application Security

Cloud Security

Data Security

Endpoint Security

Identity & Access

Network Security

Services

Managed Services

Maintained Services

Professional Services

Support Services

Training Services

Partners

F5 Networks

Palo Alto Networks

Fortinet

NCipher

Baramundi

+ All Partners

Company

News

Careers

Contact Us

FullProxy Labs

FullProxy Logo
© 2021 - FullProxy Limited

FullProxy is a limited company registered in Scotland.
Company Registration Number: SC522283

Head Office: 1 West Regent Street, Glasgow, G2 1RW
Registered Office: 15 Gladstone Place, Stirling, FK8 2NN

Telephone: +44 141 291 5500