The Core Idea
Authentication in Windows relies on credentials, cryptography, and trust relationships—not plain passwords flying over the network.
Main Authentication Protocols
NTLM
- Legacy authentication mechanism
- Uses challenge–response
- Vulnerable to relay and pass-the-hash attacks
- Still present for backward compatibility
Kerberos (Default)
- Ticket-based authentication
- No password is sent over the network
- Uses:
  - TGT (Ticket Granting Ticket)
  - Service Tickets
- Strongly tied to Active Directory
Why Kerberos Is Better
- Mutual authentication
- Time-based ticket expiration
- Resistant to replay attacks
- Scales well in enterprise environments
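To make the time-based expiration and replay resistance concrete, here is a small Python model of Kerberos-style service authentication. It is an added illustration, not code from this page: a KDC stands in for the TGS and issues a service ticket bound to a fresh session key, the client sends that ticket with a timestamped authenticator, and the service refuses expired tickets, tampered tickets, and replayed authenticators. Real Kerberos encrypts tickets and authenticators with symmetric keys inside ASN.1 messages; the HMAC-over-JSON encoding, the principal names and the 5-minute skew window are assumptions chosen for the demo.

```python
"""Toy model of Kerberos service authentication (AP-REQ side).

Added illustration, not from the page.  The KDC below stands in for the
Ticket Granting Service; HMAC over JSON stands in for the symmetric
encryption real Kerberos uses.  Names, keys and lifetimes are assumptions."""
import hashlib
import hmac
import json
import os

SKEW = 300  # seconds of clock skew tolerated; assumed (Kerberos defaults to 5 minutes)


def _mac(key: bytes, payload: dict) -> str:
    return hmac.new(key, json.dumps(payload, sort_keys=True).encode(), hashlib.sha256).hexdigest()


class KDC:
    """Holds each service's long-term key and issues time-limited service tickets."""

    def __init__(self, service_keys: dict):
        self.service_keys = service_keys

    def issue_ticket(self, client: str, service: str, now: float, lifetime: int = 600) -> dict:
        session_key = os.urandom(16).hex()  # fresh key shared by client and service
        body = {"client": client, "service": service, "session_key": session_key,
                "starttime": now, "endtime": now + lifetime}
        # Only the service can validate the ticket: it is bound to the service's key.
        ticket = {"body": body, "mac": _mac(self.service_keys[service], body)}
        return {"ticket": ticket, "session_key": session_key}


def make_authenticator(client: str, session_key: str, now: float) -> dict:
    """Client side: proves possession of the session key at time `now`."""
    body = {"client": client, "ctime": now, "nonce": os.urandom(8).hex()}
    return {"body": body, "mac": _mac(bytes.fromhex(session_key), body)}


class Service:
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.replay_cache = set()  # authenticators already accepted inside the skew window

    def accept(self, ticket: dict, authenticator: dict, now: float) -> str:
        body = ticket["body"]
        if not hmac.compare_digest(ticket["mac"], _mac(self.key, body)):
            return "REJECT: ticket integrity check failed"
        if not (body["starttime"] - SKEW <= now <= body["endtime"]):
            return "REJECT: ticket expired"
        abody = authenticator["body"]
        if not hmac.compare_digest(authenticator["mac"], _mac(bytes.fromhex(body["session_key"]), abody)):
            return "REJECT: authenticator not bound to the ticket's session key"
        if abody["client"] != body["client"]:
            return "REJECT: authenticator client does not match ticket"
        if abs(now - abody["ctime"]) > SKEW:
            return "REJECT: authenticator outside clock-skew window"
        replay_id = (abody["client"], abody["ctime"], abody["nonce"])
        if replay_id in self.replay_cache:
            return "REJECT: replayed authenticator"
        self.replay_cache.add(replay_id)
        return f"OK: {body['client']} authenticated to {self.name}"


def demo() -> list:
    """Run four exchanges against one file service; returns the service's verdicts."""
    t0 = 1_700_000_000.0  # constructed fixed clock so the run is deterministic
    svc_key = os.urandom(32)
    kdc = KDC({"cifs/fileserver": svc_key})
    fileserver = Service("cifs/fileserver", svc_key)
    grant = kdc.issue_ticket("alice", "cifs/fileserver", t0)
    auth = make_authenticator("alice", grant["session_key"], t0 + 1)
    results = [fileserver.accept(grant["ticket"], auth, t0 + 1)]           # fresh: OK
    results.append(fileserver.accept(grant["ticket"], auth, t0 + 2))      # same authenticator again
    late = make_authenticator("alice", grant["session_key"], t0 + 700)
    results.append(fileserver.accept(grant["ticket"], late, t0 + 700))    # past the ticket's endtime
    tampered = {"body": dict(grant["ticket"]["body"], client="mallory"), "mac": grant["ticket"]["mac"]}
    results.append(fileserver.accept(tampered, make_authenticator("mallory", grant["session_key"], t0 + 3), t0 + 3))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The replay cache only has to remember authenticators for the skew window, which is why the timestamp check and the cache work together: anything older than the window is rejected outright, anything inside it is rejected if already seen.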
Security Takeaway
> If you see NTLM in modern environments, treat it as technical debt.
Disabling NTLM, enforcing Kerberos, and monitoring authentication logs are essential steps for securing Windows domains.
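The "monitor authentication logs" step can be started from Security event 4624 (successful logon), which records the package that actually authenticated the session. The Python below is an added example, not from the page: it classifies constructed 4624-shaped records by protocol, flags NTLMv1/LM responses and domain accounts that fell back to NTLM, and tallies the source addresses producing NTLM logons. The `EventData` field names are the real ones Windows writes for 4624; the domain name, the sample events and the severities are assumptions for the demo.

```python
"""Flag NTLM use in Windows Security log 4624 events.

Added example, not from the page.  The events are constructed; the field
names (EventData keys of event 4624) are the real ones.  DOMAIN and the
severities are assumptions for this demo."""
from collections import Counter

DOMAIN = "CORP"  # assumed AD domain; NTLM by domain accounts is the debt we care about

# Constructed sample events shaped like 4624 EventData (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4624, "TargetUserName": "alice", "TargetDomainName": "CORP", "LogonType": "3",
     "AuthenticationPackageName": "Kerberos", "LmPackageName": "-",
     "IpAddress": "10.0.1.25", "WorkstationName": "-"},
    {"EventID": 4624, "TargetUserName": "svc_backup", "TargetDomainName": "CORP", "LogonType": "3",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "IpAddress": "10.0.2.40", "WorkstationName": "BACKUP01"},
    {"EventID": 4624, "TargetUserName": "bob", "TargetDomainName": "CORP", "LogonType": "3",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1",
     "IpAddress": "10.0.3.7", "WorkstationName": "OLDPRINT"},
    {"EventID": 4624, "TargetUserName": "localadmin", "TargetDomainName": "WS-17", "LogonType": "2",
     "AuthenticationPackageName": "Negotiate", "LmPackageName": "-",
     "IpAddress": "127.0.0.1", "WorkstationName": "WS-17"},
    {"EventID": 4624, "TargetUserName": "alice", "TargetDomainName": "CORP", "LogonType": "3",
     "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2",
     "IpAddress": "10.0.1.25", "WorkstationName": "-"},
]


def classify(ev: dict) -> str:
    """Map one 4624 event to the protocol that actually authenticated it."""
    pkg = ev.get("AuthenticationPackageName", "")
    if pkg == "Kerberos":
        return "kerberos"
    if pkg == "NTLM":
        lm = ev.get("LmPackageName", "")
        if lm in ("NTLM V1", "LM"):
            return "ntlm-v1"
        if lm == "NTLM V2":
            return "ntlm-v2"
        return "ntlm-unknown"
    return "other"  # e.g. Negotiate on an interactive logon: 4624 carries no protocol detail


def findings(events) -> list:
    """Return (severity, reason, event) tuples for logons worth following up."""
    out = []
    for ev in events:
        if ev.get("EventID") != 4624:
            continue
        kind = classify(ev)
        domain_account = ev.get("TargetDomainName", "").upper() == DOMAIN
        if kind == "ntlm-v1":
            out.append(("high", "NTLMv1/LM response: weak and relayable; fix the client", ev))
        elif kind.startswith("ntlm") and domain_account:
            out.append(("medium", "domain account used NTLM instead of Kerberos", ev))
    return out


def ntlm_sources(events) -> Counter:
    """Source addresses generating NTLM logons: the list to chase before disabling NTLM."""
    return Counter(ev["IpAddress"] for ev in events if classify(ev).startswith("ntlm"))


if __name__ == "__main__":
    for severity, reason, ev in findings(SAMPLE_EVENTS):
        print(f"[{severity}] {ev['TargetDomainName']}\\{ev['TargetUserName']} "
              f"from {ev['IpAddress']} ({ev['WorkstationName']}): {reason}")
    print("NTLM sources:", dict(ntlm_sources(SAMPLE_EVENTS)))
```

Local accounts on standalone machines have no Kerberos realm and will always show NTLM, which is why the medium finding is limited to domain accounts; the NTLMv1 finding applies regardless, since nothing modern should be producing that response type.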
Authentication isn’t about logging in — it’s about trust.