Disable Legacy Authentication Methods in Networks
Ensure older and less secure authentication methods are not used to protect network security.
Plain language
This control is all about stopping the use of outdated authentication methods like LAN Manager (LM) and NT LAN Manager (NTLM) because they are not secure anymore. If these older methods stay in use, it's easier for hackers to break into your network, steal information, and cause harm to your business.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2025
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Operating system hardening
Official control statement
A HIPS or EDR solution is implemented on critical servers and high-value servers.
Why it matters
Without HIPS/EDR on critical and high-value servers, malicious activity may go unnoticed, enabling breaches and major outages.
Operational notes
Tune HIPS/EDR rules on critical/high-value servers, monitor alerts and logs daily, and verify agents remain healthy and reporting.
Implementation tips
- System owners should work with IT technicians to identify if any systems still use LAN Manager or NT LAN Manager authentication. They can do this by creating a list of all systems and checking the authentication method used by each one.
- The IT team should update or configure systems to use more secure authentication methods. They can achieve this by checking system settings and applying updates or patches provided by software vendors to disable legacy protocols.
- Managers should ensure employees are aware of these changes and why they matter. Host a meeting or send a detailed email explaining the switch from old to new secure methods, and reassure staff that this is to protect the company.
- The IT team should conduct regular checks to ensure no systems revert to using insecure authentication methods. Implement a schedule for these reviews and log the findings to keep a record.
- Procurement teams should include security requirements when acquiring new systems or software. Specify that any new purchases must support modern, secure authentication methods in the buying criteria.
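The identification, configuration and recurring-check steps above come down to a handful of registry values on Windows hosts. The following PowerShell audit is an added example, not code from the ISM or from this control page: it reads the LAN Manager / NTLM settings from each named host, compares them with the usual "Send NTLMv2 response only. Refuse LM & NTLM" hardening setting, and appends the result to a CSV so the periodic review leaves a record. It assumes PowerShell remoting (WinRM) is enabled on the targets, that the caller has local administrator rights there, and that the host names and report path used in the usage line are placeholders; the expected values are assumptions to align with your own baseline.

```powershell
# Added example (not from the ISM or the Control Stack page): audit the registry values
# that govern LAN Manager / NTLM behaviour on Windows hosts and record the outcome.
# Assumptions: WinRM is enabled on each target and the caller is a local administrator;
# expected values follow the common "NTLMv2 only, refuse LM & NTLM" hardening setting.

function Test-LegacyAuthConfig {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,
        [string]$ReportPath = ".\legacy-auth-audit.csv"   # assumed output location
    )

    # Runs on each target host and returns the raw registry values (or $null when unset).
    $probe = {
        $lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
        $msv10 = Join-Path $lsa 'MSV1_0'
        # -ErrorAction SilentlyContinue makes a missing value show up as $null in the report
        # instead of aborting the probe.
        [pscustomobject]@{
            LmCompatibilityLevel = (Get-ItemProperty -Path $lsa   -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
            NoLMHash             = (Get-ItemProperty -Path $lsa   -Name NoLMHash             -ErrorAction SilentlyContinue).NoLMHash
            NtlmMinClientSec     = (Get-ItemProperty -Path $msv10 -Name NtlmMinClientSec     -ErrorAction SilentlyContinue).NtlmMinClientSec
            NtlmMinServerSec     = (Get-ItemProperty -Path $msv10 -Name NtlmMinServerSec     -ErrorAction SilentlyContinue).NtlmMinServerSec
        }
    }

    $results = foreach ($computer in $ComputerName) {
        try {
            $raw = Invoke-Command -ComputerName $computer -ScriptBlock $probe -ErrorAction Stop
        } catch {
            # Record unreachable hosts rather than silently dropping them from the evidence.
            [pscustomobject]@{ ComputerName = $computer; Compliant = $false; Findings = "Unreachable: $($_.Exception.Message)" }
            continue
        }

        $findings = New-Object System.Collections.Generic.List[string]

        # Level 5 = send NTLMv2 response only and refuse LM and NTLM; lower levels (or an
        # unset value) still allow legacy responses to be accepted or sent.
        if ($null -eq $raw.LmCompatibilityLevel -or $raw.LmCompatibilityLevel -lt 5) {
            $findings.Add("LmCompatibilityLevel=$($raw.LmCompatibilityLevel) (expected 5)")
        }
        # NoLMHash=1 stops the weak LM hash from being stored at the next password change.
        if ($raw.NoLMHash -ne 1) {
            $findings.Add("NoLMHash=$($raw.NoLMHash) (expected 1)")
        }
        # 0x20080000 = require NTLMv2 session security and 128-bit encryption for
        # both client- and server-side NTLM SSP connections.
        foreach ($name in 'NtlmMinClientSec', 'NtlmMinServerSec') {
            if ($raw.$name -ne 0x20080000) {
                $findings.Add("$name=$($raw.$name) (expected 0x20080000)")
            }
        }

        [pscustomobject]@{
            ComputerName = $computer
            Compliant    = ($findings.Count -eq 0)
            Findings     = ($findings -join '; ')
        }
    }

    # Keep a running record for the scheduled reviews and the audit evidence list.
    $results | Export-Csv -Path $ReportPath -NoTypeInformation -Append
    return $results
}

# Usage (assumed host names):
# Test-LegacyAuthConfig -ComputerName 'SRV01', 'SRV02' | Format-Table -AutoSize
```

Run it on the schedule set in the review step and keep the CSV with the other evidence; a host whose values are unset rather than explicitly hardened is reported as non-compliant on purpose, because an inherited default is not the same as a verified configuration.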
Audit / evidence tips
- Ask: a list of all IT systems and their authentication methods. Request documentation showing which methods are used across all systems.
  Good: the list will clearly show all systems using modern, secure methods.
- Ask: system configuration reports. Request detailed reports from the IT team about the authentication settings.
  Good: the report will indicate that secure methods like Active Directory are in place instead.
- Ask: records of IT staff training sessions. Request the dates and content of any training related to this control. Look to see if the training covered why the legacy methods are insecure and how to ensure they're not used.
  Good: the record will show comprehensive training attendance and materials.
- Ask: documented procedures for new system procurement. Request to see any procurement guidelines that include authentication requirements.
  Good: the document will have clear guidelines preventing the purchase of systems with legacy authentication methods.
- Ask: evidence of routine security audits. Request recent audit reports focusing on authentication methods.
  Good: the report will show regular checks and any actions taken to rectify non-compliance.
Cross-framework mappings
How ISM-1034 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001: Partially meets (2)

| Control | Notes | Details |
|---|---|---|
| Annex A 8.5 | ISM-1034 requires organisations to disable legacy authentication methods on networks to prevent access via insecure paths | |
| Annex A 8.9 | ISM-1034 mandates disabling legacy authentication methods to secure network services | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.