0
votes

Is it generally considered secure to use Windows NTLM Authentication for SharePoint 2010 on a Windows 2008 R2 server?

This SharePoint install WILL BE exposed to the Internet.
Is NTLM in 2008 R2 sent as clear text, or with some otherwise easily defeatable encryption?

I want to be sure we aren't making ourselves vulnerable by this authentication method.

My gut says forms authentication with SSL would be best.

Comments?

1 Answer

1
votes

Your gut is leading you in the right direction. NTLMv2 can be vulnerable to an attack known as a forwarding attack, where an interloper could set up a proxy between your client and server and hijack an authenticated session.
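
On the clear-text part of the question: NTLM over HTTP travels as base64-encoded NTLMSSP messages in the `WWW-Authenticate` and `Authorization` headers, a challenge/response exchange rather than the password itself. The following is an added example, not part of the original question or answer, that decodes such a header value for auditing; the function names are hypothetical, the sample message is constructed, and the NTLMv1/NTLMv2 split by NT response length is a heuristic that assumes Unicode strings were negotiated.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def _buffer(msg, pos):
    # Security buffer: uint16 length, uint16 allocated, uint32 offset (little-endian).
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return msg[offset:offset + length]

def inspect_ntlm_header(value):
    """Summarise an 'NTLM <base64>' Authorization / WWW-Authenticate value."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token:
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(token, validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    (mtype,) = struct.unpack_from("<I", msg, 8)
    if mtype not in NAMES:
        raise ValueError("unknown NTLM message type")
    info = {"type": NAMES[mtype]}
    if mtype == 2 and len(msg) >= 32:
        info["server_challenge"] = msg[24:32].hex()  # 8-byte nonce from the server
    if mtype == 3 and len(msg) >= 44:
        nt = _buffer(msg, 20)  # NT challenge response, not the password
        info["user"] = _buffer(msg, 36).decode("utf-16-le")  # assumes Unicode strings
        # Heuristic: NTLMv1 responses are exactly 24 bytes, NTLMv2 are longer.
        info["version"] = "NTLMv1" if len(nt) == 24 else "NTLMv2" if len(nt) > 24 else "none"
    return info

def build_sample_authenticate(user, nt_response):
    """Constructed AUTHENTICATE message for the demo; not captured traffic."""
    fields, payload = b"", b""
    # Field order: LM response, NT response, domain, user, workstation, session key.
    for data in (b"", nt_response, b"", user.encode("utf-16-le"), b"", b""):
        fields += struct.pack("<HHI", len(data), len(data), 64 + len(payload))
        payload += data
    msg = SIGNATURE + struct.pack("<I", 3) + fields + struct.pack("<I", 0) + payload
    return "NTLM " + base64.b64encode(msg).decode("ascii")

if __name__ == "__main__":
    print(inspect_ntlm_header(build_sample_authenticate("alice", bytes(48))))
    print(inspect_ntlm_header(build_sample_authenticate("bob", bytes(24))))
```

Run against logged header values, this flags clients still answering with NTLMv1 and confirms that the user name, unlike the password, is readable by anyone who can see the request when TLS is absent.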