Summer/Fall 2010 [Number 247]
CIT Retires NTLM Version 1

To enhance computer and networking security for all of NIH, CIT is retiring the authentication protocol Windows NT LAN Manager version 1 (NTLM v.1) at the enterprise level. NTLM version 2 has superseded version 1, and upgrading to the newer version ensures that our authentication services to NIH remain up-to-date and in compliance with security standards.

What is NTLM?

NTLM is an authentication protocol that CIT provides to NIH as part of our Active Directory (AD) Infrastructure Services. These services are important to all NIH computer users because your access to NIH applications and network services relies on the AD's management of user accounts, computers, and other IT resources. As an AD authentication protocol, NTLM provides a challenge-response authentication mechanism, in which clients are able to send their identities without sending a password to the server.

What will change?

Once version 1 has been retired, domain controllers will refuse LM and NTLM v.1 responses and accept only NTLM v.2 responses. Clients will use NTLM v.2 authentication, and should use NTLM v.2 session security if the server supports it.

Upgrading from NTLM version 1 to version 2 offers several benefits for users:

Retirement timeline

The NIH Architecture Review Board (ARB), the NIH Information Technology Management Committee (ITMC), and the Chief Information Security Officer (CISO) initially approved the retirement of NTLM v.1 in 2006. A full shutdown of NTLM v.1 was scheduled to occur in 2007; however, some ICs were not able to update their systems and applications to support NTLM v.2 in time. To ensure a smooth process for the entire NIH community, we extended the testing and implementation schedule for the retirement project into this year. DCSS has been conducting testing to ensure that all ICs are ready for the version 1 retirement. Full implementation of the NTLM v.1 retirement is currently set for the end of October.

Questions?

If you have questions about the NTLM v.1 retirement and its potential impact on you, please contact the NIH IT Service Desk online at http://itservicedesk.nih.gov or by phone at 301-496-4357 (6-HELP) (local), 866-319-4357 (toll free), or 301-496-8294 (TTY), and the Service Desk personnel will direct you to the proper contact.
Published by Center for Information Technology, National Institutes of Health