Protecting Against Pass the Hash Attacks

Pas the Hash AttackPass the hash (PTH) attacks are becoming commonplace in the corporate world. While PTH attacks can be used against any operating system (Windows, Linux, Mac OS X, etc.), they’re most often associated with Windows due to commonly available attack tools for the Microsoft platform.

In most PTH scenarios, a victim's LM or NT Windows password hashes are stolen. Once the attackers have these hashes, they generally enjoy free reign throughout the network.

Defend Against Pass the Hash Attacks

For most organizations, defending against PTH attacks is a reactionary endeavor. But with Enterprise Random Password Manager (ERPM), you can prevent these attacks from ever occurring. Here’s how:

When a password is generated by ERPM, a FIPS 140-2 certified pseudorandom number generator chooses from among 94 possible characters for each character position. Once a password that meets your password policy (length, excluded characters, required characters, etc.) is generated, it's set for the target system. The password is then encrypted using the FIPS certified AES 256bit algorithm, and that encrypted value is written to ERPM’s data store.
 
This process is repeated for each and every system/account. At 15 characters, there are 94^15 - or more than 395 octillion (that's 395,000,000,000,000,000,000,000,000,000) - possible password combinations. ERPM can set passwords up to 127 characters.
 
Because each password is generated for each account on each host at run time, it's statistically improbable that any two accounts will have the same password. And because each account on each system now has a completely unique password, perpetrating PTH attacks becomes a non-issue for accounts managed with ERPM.

Moreover, should you desire, you can also implement (at the system/network level) IPSec with Authentication Headers and/or Encapsulating Secure Payload to further protect all network traffic, and provide additional protection against man-in-the-middle type attacks.

Want to learn more about how ERPM can protect your enterprise? Contact an account manager today.