Mirror Authentication - Basic vs NTLM

Discussion in 'ESET NOD32 Antivirus' started by nubdonut, Jun 28, 2009.

Thread Status:
Not open for further replies.
  1. nubdonut

    nubdonut Registered Member

    Joined:
    Apr 7, 2009
    Posts:
    13
    Hi all,

    I am trying to set a password for my roaming clients to get updates from our internal HTTP server. I created a NOD32 user profile to read the mirror folder. This set of password works well with basic and NTLM authentication.
    What is the difference between the two since they function the same in this case?

    Help will be greatly appreciated!
     
  2. nubdonut

    nubdonut Registered Member

    Joined:
    Apr 7, 2009
    Posts:
    13
    Any kind souls around could explain to me?

    :)
     
  3. WayneP

    WayneP Support Specialist

    Joined:
    Apr 9, 2009
    Posts:
    339
    Hello nubdonut,

    If you have machines outside of your network, they should download updates from the ESET servers instead of your server. This will allow them to download them possibly faster and more reliable, since we have redundancy in place for update servers. Opening your update server to the internet is also against the terms of the license.
     
  4. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I believe Basic passes the username/password in plaintext, NTLM will authenticate against a local Windows (user will work) account and pass a hash.
     
  5. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    You do realize that this can put your userbase in really bad situations, right? On several occasions your update servers have been overloaded and unavailable, and clients trying to download them silently failed thinking an update wasn't available, even though it was. Combine this with remote access solutions that use client health monitoring and your outage renders our staff unable to telecommute, which is completely unacceptable.
     
  6. mkuntic

    mkuntic Registered Member

    Joined:
    Mar 6, 2008
    Posts:
    54
    There are two problems with letting roaming users download directly from ESET:
    1) the company username/password must be pushed onto the client whenever it's changed (renewed), which can be a pain for the administrators if they don't have a deployment/management scheme in effect
    2) the company's username/password are made available to the users, who can thereupon transfer them to a 3rd party via a registry export

    Allowing external authenticated users, or users connected via VPN, access to the company mirror should be acceptable.
     
Thread Status:
Not open for further replies.