New Delhi: Microsoft has unveiled a new security feature in Windows 11 that will make it very difficult for hackers to steal user credentials.
Called the SMB Authentication Rate Limiter, the feature is available on Windows 11 Insider and Windows Server Insider, and it makes password-guessing attacks against the server time-consuming for cybercriminals.
“If your organization doesn’t have intrusion detection software or you don’t set a password lock policy, an attacker could guess a user’s password within days or hours. A consumer user who turns off the firewall and brings their devices onto insecure networks has a similar problem,” Microsoft security expert Ned Pyle said.
The company said that the SMB server service now enforces a default delay of two seconds between each failed incoming New Technology Local Area Network Manager (NTLM) authentication attempt.
SMB stands for Server Message Block, a network file sharing protocol, while Windows NTLM is a set of security protocols provided by Microsoft to authenticate users’ identity and protect the integrity and confidentiality of their activity.
“This means that if an attacker had previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take at least 50 hours. The goal here is to make the machine a very unattractive target for attacks on local credentials via SMB,” Pyle said.
Windows and Windows Server come with an SMB server enabled. NTLM (NT LAN Manager) is a protocol for client authentication, used for example for NTLM logins in Active Directory (AD).
Microsoft is rolling out several secure default settings in Windows 11, including a default account lockout policy to mitigate RDP attacks and other brute-force attacks on passwords.