IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Organisation Remarks<br />

____________________________________________________________________ .........................................<br />

S 2.101 Revision of Novell Netware servers<br />

Initiation responsibility: Head of <strong>IT</strong> Section, <strong>IT</strong> Security Management<br />

Implementation responsibility: Administrators<br />

In practice, complete revision of a Novell Netware 3.x server within the<br />

framework of <strong>IT</strong>-baseline protection will hardly be possible. Nonetheless, the<br />

following approaches to revision should be observed.<br />

With the program SYS:SYSTEM\SECUR<strong>IT</strong>Y.EXE the bindery-files of a Novell<br />

Netware server will be examined for the following security weaknesses.<br />

Recognised weaknesses will be listed.<br />

No password assigned<br />

Users not requiring a password to login to the Novell Netware server will be<br />

listed.<br />

Insecure passwords<br />

Here, many aspects of the bindery of a Novell Netware server will be<br />

examined.<br />

Firstly, all users whose login name is equivalent to their password will be<br />

listed, as will users whose password may be less than five characters.<br />

Furthermore, it will be examined for every user if the duration of password<br />

validity amounts to less than 60 days and if an unlimited number of Grace<br />

Logins is permitted.<br />

Supervisor equivalence<br />

SYS:SYSTEM\SECUR<strong>IT</strong>Y.EXE checks the bindery of a Novell Netware server<br />

in order to list those users who have the "supervisor" security level<br />

(Supervisor equivalence).<br />

Root directory privileges<br />

Due to access rights being passed "down" all users of the Novell Netware<br />

server will be examined to see if they have access to the main directory (at<br />

volume level).<br />

Login scripts<br />

All the users not having their own login-script (User Login Script) will be<br />

determined.<br />

In order to exchange electronic messages, all users have the "Create" privilege<br />

in the SYS:MAIL directory as standard. An "attacker" could copy a LOGIN<br />

file (User-Login-Script) into the SYS:MAIL directory of a user not possessing<br />

a User Login Script, thus changing the user's Novell Netware environment.<br />

Excessive rights<br />

Within the installation framework, Novell Netware 3.x makes many<br />

directories available as standard (SYS:SYSTEM, SYS:PUBLIC, SYS:LOGIN).<br />

SYS:SYSTEM\SECUR<strong>IT</strong>Y.EXE examines the bindery of a Novell Netware<br />

server to check if users have more privileges than provided as standard in<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!