Tower Defense Tip: Less Secure Protocols
- Last Tower
- Feb 27, 2024

Let's talk about some less secure internal network protocols.
One of the most common attacks a malicious actor will attempt on the internal network is LLMNR/NBT-NS poisoning. The attacker listens for traffic from these protocols and then spoofs the responses, which tricks a victim into authenticating to a malicious server, where their credentials are stolen.
Defensive Measures:
1. Disable LLMNR through the group policy editor.
2. Disable NBT-NS through network connection settings.
3. Enable SMB signing, which digitally signs the data transferred, to prevent NTLM relay attacks.
4. Additionally, consider implementing a security product that filters and blocks malicious network traffic, or network monitoring software that watches the LLMNR and NBT-NS ports.
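
To confirm that measures 1 to 3 actually took effect on a host, a read-only audit like the following can be run in an elevated PowerShell session. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes the standard Windows registry locations and the built-in SMB cmdlets.

```powershell
# Added example: read-only audit of the three hardening settings listed above.
# Function names are hypothetical; nothing here changes configuration.

function Test-LlmnrDisabled {
    # The Group Policy setting "Turn off multicast name resolution"
    # writes EnableMulticast = 0 under this policy key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $val = (Get-ItemProperty -Path $key -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    return ($val -eq 0)   # a missing value means the policy is not applied
}

function Get-NetbiosEnabledInterfaces {
    # NetbiosOptions per interface: 0 = follow DHCP, 1 = enabled, 2 = disabled.
    # Anything other than 2 (including a missing value) is reported.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | Where-Object {
        (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions -ne 2
    } | Select-Object -ExpandProperty PSChildName
}

function Get-SmbSigningState {
    # Relay protection depends on signing being required, so the audit
    # reports RequireSecuritySignature for both server and client roles.
    [pscustomobject]@{
        Server = (Get-SmbServerConfiguration).RequireSecuritySignature
        Client = (Get-SmbClientConfiguration).RequireSecuritySignature
    }
}

$netbios = @(Get-NetbiosEnabledInterfaces)
$smb     = Get-SmbSigningState

[pscustomobject]@{
    LlmnrDisabledByPolicy    = Test-LlmnrDisabled
    NetbiosEnabledInterfaces = if ($netbios.Count) { $netbios -join ', ' } else { 'none' }
    SmbServerSigningRequired = $smb.Server
    SmbClientSigningRequired = $smb.Client
} | Format-List
```

A hardened host reports `LlmnrDisabledByPolicy : True`, `NetbiosEnabledInterfaces : none`, and `True` for both SMB signing fields.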