Securing mail-exchange environment against authentication attack
I want to know the best possible way to secure an MS Exchange environment against authentication-related attacks (brute-force, ms-exchange). I know NTLM is not secure? And I'm not quite sure about NTLM version 2 either. Is Kerberos a better option? I know it sounds crazy, since Outlook/OWA provides security at the transport layer (e.g. TLS), but with the usual design and deployment of an Exchange environment it asks to authenticate the user from Active Directory, which sounds great for usability but not quite so for security. Let's suppose version 1 of NTLM is running: a user would easily be able to sniff, brute-force, or even grab a local copy of the hash from the victim's computer, and any security layer provided by Outlook itself would be rendered useless. So in such a scenario, what security is best that would encompass all such areas in a holistic fashion, with no gaps left open across all layers (application (OWA), network mainly)? Thank you
December 27th, 2010 1:56am
Hi
From what I understand, this is more of an Active Directory authentication best-practice security question.
Here are better forums for those questions; ask it in the Directory Services forum instead.
http://searchwindowsserver.techtarget.com/tutorial/Active-Directory-Security-Guide
Jonas Andersson MCTS: Microsoft Exchange Server 2007/2010 | MCITP: EMA 2007/2010 | MCSE/MCSA Blog:
http://www.testlabs.se/blog
December 27th, 2010 7:37am
Hi Lazer_man,
By default, Outlook 2003 is using Kerberos.
You can find the difference between the two authentication methods here:
Difference between "Kerberos/NTLM Password Authentication" & "Password Authentication(NTLM)" settings in Outlook 2003
http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/e1965a44-c670-4862-adfe-6b9eb8c3c304/
December 29th, 2010 3:06am