When connecting to a Windows or Windows Active Dir platform for password checks and resets, is the communication encrypted?
Description
Are password changes to target Windows systems encrypted in transit?
How is communication between TPAM and a system encrypted when performing a password change?
What encryption is used when communicating with Windows target systems?
Is it possible to use LDAPS TCP/636 when using "Windows Active Dir" platform?
Resolution
When communicating with Windows or Windows Active Directory, TPAM does not send sensitive information such as passwords insecurely over the network. (This can be verified by performing a packet trace on the managed Windows system and monitoring the incoming data from TPAM during a normal password reset/check.)
TPAM follows the standard behavior of the Windows / Microsoft protocols and attempts to use the highest level of security that the connection will allow. In most cases this is NTLMv2 (since Kerberos is limited to domain members). TPAM does not encrypt Windows traffic beyond what the Windows protocols already provide. Unsecured LDAP is not used.
The LDAPS platform does not support being used with Windows AD LDAPS (TCP/636).
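One way to review the packet trace mentioned above, as an added example (not TPAM or Quest code): it searches payload bytes for a known test password in cleartext and classifies each NTLMSSP AUTHENTICATE message as NTLMv1 or NTLMv2 by the length of its NT response. The function names, the test password and the sample bytes are constructed for illustration, and extracting the payload bytes from the capture is assumed to have been done beforehand.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"  # signature that starts every NTLMSSP message

def find_cleartext(payload: bytes, secret: str) -> bool:
    """True if the test password appears as UTF-8 or UTF-16LE bytes."""
    return secret.encode("utf-8") in payload or secret.encode("utf-16-le") in payload

def classify_ntlm_auth(payload: bytes) -> list[str]:
    """Label every NTLMSSP AUTHENTICATE (type 3) message found in payload."""
    results = []
    pos = payload.find(NTLMSSP_SIG)
    while pos != -1:
        if pos + 28 <= len(payload):
            (msg_type,) = struct.unpack_from("<I", payload, pos + 8)
            if msg_type == 3:
                # NtChallengeResponseFields: Len, MaxLen, Offset at byte 20
                nt_len, _, nt_off = struct.unpack_from("<HHI", payload, pos + 20)
                if pos + nt_off + nt_len > len(payload):
                    results.append("truncated")
                elif nt_len == 0:
                    results.append("no-nt-response")
                elif nt_len == 24:
                    results.append("NTLMv1")  # fixed 24-byte response
                else:
                    results.append("NTLMv2")  # NTProofStr + variable blob
        pos = payload.find(NTLMSSP_SIG, pos + 1)
    return results

def build_sample_auth(nt_response: bytes) -> bytes:
    """Constructed type 3 message with only the NT response field filled in."""
    header = bytearray(64)
    header[0:8] = NTLMSSP_SIG
    struct.pack_into("<I", header, 8, 3)
    struct.pack_into("<HHI", header, 20, len(nt_response), len(nt_response), 64)
    return bytes(header) + nt_response

if __name__ == "__main__":
    test_password = "T3st-Pw!"  # constructed value, set on a test account
    capture = b"\x00SMB" + build_sample_auth(bytes(60))  # constructed payload
    print("cleartext password seen:", find_cleartext(capture, test_password))
    print("NTLM authentications:", classify_ntlm_auth(capture))
```

A capture that is consistent with the article reports no cleartext match and only `NTLMv2` entries; an `NTLMv1` entry points at the target's LAN Manager authentication level rather than at TPAM.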