Windows 11 now have better protection against attacks of a brute-force nature. That being said, it is going to be taking a whole lot of time in trying out several combinations.
Windows 11 Now Have Better Protection against Attacks of Brute-Force Nature
The SMB server service of Microsoft on windows 11 has been given a new update that is aimed at making the service better at defending against brute-force attacks. In the latest windows 11 2022 update, the Insider Preview Build 25206 that was pushed to the Dev Channel recently, the SMB authentication rate limiter by default is enabled. What’s more here is that a few other settings have been tweaked in order to make these attacks ‘less effective.’
The News Was Announced Via a Blog Post
“With the release of Windows 11 Insider Preview Build 25206 Dev Channel today, the SMB server service now defaults to a 2-second default between each failed inbound NTLM authentication,” the principal program manager in the Microsoft Windows Server engineering group, Ned Pyle, said when announcing the news in a blog post.
“This means if an attacker previously sent 300 brute force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take 50 hours at a minimum.”
By toggling the very feature on, there is an instant delay between each NTLM authentication attempt that’s unsuccessful, thus making the SMB server service more resilient and resistant to brute-force attacks.
“The goal here is to make a Windows client an unattractive target either when in a workgroup or for its local accounts when joined to a domain, “Amanda Langowski and Brandon LeBlanc claimed.
The Authentication Limiter Was Introduced Six Months Ago
Another thing to note here is this; the authentication limiter, which of course is not enabled by default, was introduced first to the windows server, windows 11 Insider builds, and windows server Azure edition, six months ago. On the other hand, the SMB server automatically launches on all of its versions. It however needs to be exposed to the internet simply by opening a firewall manually.
How to Access the New Updated Feature
Those users who are interested in trying out the new feature will need to run this very power command: Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs n
“This behavior change has no effect on Kerberos, which authenticates before an application protocol as SMB connects. It is designed to be another layer of defense in depth, especially for devices not joined to domains such as home users,” Pyle also added.