Microsoft has unveiled a new security feature in Windows 11 that makes it extremely difficult for hackers to steal user credentials.
Called the SMB Authentication Rate Limiter, it is available in Windows 11 Insider and Windows Server Insider builds and slows down password-guessing attacks against the SMB server.
“If your organization doesn’t have intrusion detection software or doesn’t set up a password lock policy, an attacker could guess a user’s password within days or hours. A consumer user who disables their firewall and takes their device to an insecure network has a similar problem,” said Microsoft security expert Ned Pyle.
The company said that the SMB server service now defaults to a two-second delay between each failed incoming New Technology LAN Manager (NTLM) authentication.
SMB is the Server Message Block network file-sharing protocol, and Windows and Windows Server ship with the SMB server enabled. NTLM is the NT LAN Manager protocol, a set of security protocols provided by Microsoft for client-server authentication (for example, Active Directory (AD) NTLM logins) that verifies the identity of users and protects the integrity and confidentiality of their sessions.
“This means that if an attacker previously sent 300 brute-force attempts per second from a client for 5 minutes (90,000 passwords), the same number of attempts would now take a minimum of 50 hours. The goal here is to make a machine a very unattractive target for attacking local credentials via SMB,” Pyle said.
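To verify that the limiter is actually in force on a host, here is an added example (not code from the article or from Microsoft). It assumes the Insider build exposes the setting through the SmbShare module as the InvalidAuthenticationDelayTimeInMs property of Get-/Set-SmbServerConfiguration, in milliseconds, with 0 meaning the limiter is off.

```powershell
# Added example, not from the article. Assumes the Windows 11 / Windows Server
# Insider build exposes the SMB authentication rate limiter as the
# InvalidAuthenticationDelayTimeInMs setting (delay in milliseconds between
# failed NTLM authentications; 0 disables the limiter).
#Requires -RunAsAdministrator

$ExpectedDelayMs = 2000   # the two-second default the article describes

$cfg = Get-SmbServerConfiguration
if ($null -eq $cfg.PSObject.Properties['InvalidAuthenticationDelayTimeInMs']) {
    Write-Warning 'This build does not expose the SMB authentication rate limiter.'
    return
}

$current = [int]$cfg.InvalidAuthenticationDelayTimeInMs
Write-Host "Current delay between failed SMB NTLM authentications: $current ms"

if ($current -lt $ExpectedDelayMs) {
    # 0, or anything below the default, weakens the brute-force protection.
    Write-Warning "Limiter is below the $ExpectedDelayMs ms default; restoring it."
    Set-SmbServerConfiguration -InvalidAuthenticationDelayTimeInMs $ExpectedDelayMs -Force
}

# Reproduce the article's estimate: 300 guesses/s for 5 minutes is 90,000
# guesses, and with one failure every $ExpectedDelayMs ms that takes 50 hours.
$guesses  = 300 * 5 * 60
$minHours = ($guesses * $ExpectedDelayMs / 1000) / 3600
Write-Host "$guesses failed guesses now take at least $minHours hours"
```

Run it in an elevated session on the Insider host; on a build without the setting it reports that and exits without changing anything.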
Microsoft implements several secure defaults in Windows 11, including a default account lockout policy to mitigate RDP and other brute-force password attacks.