The intruder can reuse the ticket to impersonate the legitimate user. In addition, unsigned network traffic is susceptible to man-in-the-middle attacks, in which an intruder captures packets between the client computer and the server, modifies the packets, and then forwards them to the server.
Consider enhancing the security of your domain controllers by configuring them to reject simple LDAP bind requests and other bind requests that do not include LDAP signing. To enhance the security of your network, you should consider configuring the domain controller to reject unsigned LDAP communications. You should first identify all the client computers that are using unsigned binds.
When unsigned binds occur, the domain controller will log Event ID every 24 hours, indicating how many unsigned binds have occurred.
If you want to learn specifically which client computers are using unsigned binds to the domain controller, you can enable diagnostic logging for LDAP Interface Events. Membership in Domain Admins , or equivalent, is the minimum required to complete this procedure. AdamThompson Yep, I confirm that — user Show 3 more comments. Active Oldest Votes. Improve this answer. Adam Thompson Adam Thompson 3 3 silver badges 12 12 bronze badges. Add a comment. Sign up or log in Sign up using Google.
Sign up using Facebook. Sign up using Email and Password. Post as a guest Name. Email Required, but never shown. The Overflow Blog. Podcast Making Agile work for data science. Stack Gives Back Featured on Meta. New post summary designs on greatest hits now, everywhere else eventually. In Start Search, type Command Prompt.
At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
Verify Membership in Domain Users, or equivalent, is the minimum required to perform the following procedure. To open Ldp, click Start. In Start Search, type ldp. Right-click the Ldp icon on the Start menu, and then click Run as administrator. Click the Ldp Connection menu, and then click Connect.
In Server, type the host name of the server to which you want to connect. Click the Connection menu, and then click Bind.
0コメント