We are setting up a SharePoint 2010 site. Don't worry, this is not a SharePoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http, or should that only be exposed via https?
Title: Security concern exposing NTLM authentication over http, or should it only be https
Tags: active-directory, http, https
Best Answer
NTLM over plain HTTP is insecure. Attackers who passively sniff traffic or who perform a man-in-the-middle attack can use various methods to steal or abuse credentials. For example:
Bottom line: treat NTLM authentication the same as authentication with plaintext credentials. In this case, this means you should use HTTPS if you want to protect against attackers on your network.
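As an added illustration of the answer's point (this is example code, not part of the original answer): a small audit script that scans constructed proxy-style log lines and flags any NTLM handshake carried over plain http, while passing the same exchange over https. The log format, the host name and the NTLM tokens are all constructed for the example; only the NTLMSSP signature and the message-type field at offset 8 are real protocol details.

```python
import base64
from urllib.parse import urlsplit

NTLMSSP = b"NTLMSSP\x00"   # signature that opens every raw NTLM message
PHASES = {1: "type 1 negotiate", 2: "type 2 challenge", 3: "type 3 authenticate"}


def ntlm_message_type(token_b64):
    """Return the NTLM message type (1, 2 or 3) carried by a base64 token,
    or None when the token is not a raw NTLMSSP message."""
    try:
        raw = base64.b64decode(token_b64, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or not raw.startswith(NTLMSSP):
        return None
    return int.from_bytes(raw[8:12], "little")   # message type is a LE uint32 at offset 8


def classify(line):
    """One constructed log line: '<URL> <Header-Name>: <value>'.
    Returns a finding string, or None when the line is not NTLM over plain HTTP."""
    url, _, header = line.partition(" ")
    name, _, value = header.partition(":")
    name, value = name.strip().lower(), value.strip()
    if name not in ("www-authenticate", "authorization", "proxy-authenticate"):
        return None
    scheme_word, _, token = value.partition(" ")
    scheme_word = scheme_word.lower()
    if scheme_word not in ("ntlm", "negotiate"):
        return None
    msg_type = ntlm_message_type(token) if token else None
    if scheme_word == "negotiate" and token and msg_type is None:
        return None             # SPNEGO/Kerberos blob, not raw NTLM: outside this check
    if urlsplit(url).scheme.lower() == "https":
        return None             # NTLM inside TLS is what the answer recommends
    return f"NTLM over plain HTTP ({PHASES.get(msg_type, 'offer')}) at {url}"


def audit(lines):
    """Run classify() over every log line and return the non-empty findings."""
    return [f for f in map(classify, lines) if f]


def _ntlm_token(msg_type):
    """Constructed minimal NTLM token: signature + type + zero padding (not a real message body)."""
    return base64.b64encode(NTLMSSP + msg_type.to_bytes(4, "little") + b"\x00" * 8).decode()


SAMPLE_LOG = [   # constructed; an edit page on the SharePoint site from the question
    "http://sp.example.com/_layouts/settings.aspx WWW-Authenticate: NTLM",
    "http://sp.example.com/_layouts/settings.aspx Authorization: NTLM " + _ntlm_token(1),
    "http://sp.example.com/_layouts/settings.aspx WWW-Authenticate: NTLM " + _ntlm_token(2),
    "http://sp.example.com/_layouts/settings.aspx Authorization: NTLM " + _ntlm_token(3),
    "https://sp.example.com/_layouts/settings.aspx Authorization: NTLM " + _ntlm_token(3),
    "http://sp.example.com/Pages/default.aspx Content-Type: text/html",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Running it reports the four plaintext-HTTP handshake lines and stays silent for the https line and the anonymous page.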