Introduction to Credential Guard Credential Guard is a Windows 10/Server 2019 virtualization-based security feature that isolates credential storage from the main operating system. Traditionally, the Local Security Authority Subsystem Service (LSASS) stores and manages credentials including NTLM password hashes, Kerberos tickets, and cleartext passwords (in some configurations). If an attacker gains kernel-level access or exploits […]
Introduction to NTLM Security NTLM (NT LAN Manager) is a challenge-response authentication protocol used by Windows when Kerberos is not available—for example when accessing resources by IP address instead of hostname, in workgroup environments, or when connecting to legacy systems. While Kerberos is the preferred protocol, NTLM is still present in virtually all Windows environments […]
Introduction to Kerberos Authentication Kerberos is the default authentication protocol for Windows domain environments. Introduced with Windows 2000 and continually improved in Windows Server 2019, Kerberos provides mutual authentication—both the client and the server verify each other’s identity—and uses tickets rather than transmitting passwords over the network. Understanding Kerberos is essential for troubleshooting authentication failures, […]
Introduction to Multi-Factor Authentication Multi-Factor Authentication (MFA) requires users to provide two or more verification factors before gaining access: something they know (password), something they have (phone, hardware token, smart card), or something they are (biometrics). Implementing MFA on Windows Server 2019 dramatically reduces the risk of credential-based attacks—even if a password is stolen, an […]
Introduction to Split Tunneling Split tunneling is a VPN configuration where only traffic destined for corporate resources is routed through the encrypted VPN tunnel, while internet traffic goes directly from the client through its local internet connection. Without split tunneling (full tunneling), all client traffic—including YouTube, Windows Update, and personal browsing—travels through the corporate VPN […]
Introduction to Always On VPN Always On VPN (AOVPN) is Microsoft’s replacement for DirectAccess, introduced with Windows 10 and fully supported on Windows Server 2019. Unlike traditional VPN solutions where users must manually connect, Always On VPN connects automatically when the user logs in and the device detects it is not on the corporate network. […]
Introduction to Network Access Protection Network Access Protection (NAP) is a Windows Server technology that evaluates the health of client computers attempting to connect to the network and restricts access for machines that do not meet defined health requirements. NAP checks conditions such as whether Windows Firewall is enabled, antivirus signatures are up to date, […]
Introduction to RADIUS Proxy A RADIUS proxy receives authentication requests from RADIUS clients (VPN servers, wireless APs, switches) and forwards them to remote RADIUS servers based on configurable rules. Windows Server 2019 with the Network Policy Server (NPS) role can function as a RADIUS proxy in addition to—or instead of—acting as a full RADIUS server. […]
Introduction to 802.1X Network Access Control 802.1X is an IEEE standard for port-based network access control. It ensures that only authenticated and authorized devices can connect to a network—whether wired or wireless. In an enterprise environment, 802.1X prevents unauthorized devices (laptops, phones, IoT devices) from simply plugging into a network port or connecting to a […]
Introduction to RADIUS Authentication RADIUS (Remote Authentication Dial-In User Service) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) for network access. Windows Server 2019 implements RADIUS through the Network Policy Server (NPS) role. NPS acts as a RADIUS server that authenticates users trying to connect via VPN, wireless access points, 802.1X […]
Progressive Robot: Your Gateway to Comprehensive IT Solutions — Specializing in Web Development, Mobile App Development, and Expert IT Services.
© All Copyright by Progressiverobot.com
VAT Number ( 506152326 )
