Schannel Follow-up

Hello all! Nathan Penn back again with a follow-up to Demystifying Schannel. While finishing up the original post, I realized that having a simpler method to disable the various components of Schannel might be warranted. If you remember that article, I detailed that defining a custom cipher suite list that the system can use can…

Retire Those Old Legacy Protocols

Hello, Paul Bergson back again, and I wanted to bring up another security topic. There has been a lot of work by enterprises to protect their infrastructure with patching and server hardening, but one area that is often overlooked when it comes to credential theft is legacy protocol retirement. These legacy protocols were…

Cipher Suite Breakdown

Hi all, my name is Jason McClure and I’m a Platforms PFE with Microsoft. If you read Demystifying Schannel from Nathan Penn, then you may be asking yourself “What do all those letters and numbers mean?” Often, we deal with confusion on the differences between a Protocol, Key Exchange, Ciphers, and Hashing Algorithms. Understanding the…

Demystifying Schannel

Hello all! Nathan Penn here to help with some of those pesky security questions that have lingered for years. Recently I have been fielding several questions on “How do I make sure that I am only using the TLS 1.2 protocol?”, “Can you disable 3DES and the legacy ciphers?”, and the “I just got back…

ADFS Deep Dive: Certificate Planning

The last blog was about planning for ADFS and what questions you should be asking when deploying it. I said that the next blog would be about what conversations and questions you should have with the application owners. After some thought, I’ve changed my mind and decided to write about certificate planning. During almost…