ch18.htm

Maximum Security (First Edition) 网络安全 英文版

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 18 -- T</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch17/ch17.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch19/ch19.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">18</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Novell</FONT></H1>
</CENTER>
<P>Whenever I am at a client's office, invariably the conversation turns toward operating
systems. We bat around various flavors of UNIX, discuss Windows NT, and then suddenly,
Novell emerges. From there, it is all downhill. We go from Novell to DOS 3.<I>x,</I>
and finally, to CP/M. Most people today speak of Novell in the &quot;I remember when&quot;
mode. Think about that for a moment. I will wager that the last time someone talked
with you about Novell, that dreaded term &quot;legacy network&quot; was mentioned
more than once.</P>
<P>This is a mystery to me, largely because Novell had made innovations relevant
to the Internet &quot;way back&quot; in 1991. Even at that time, the Novell NetWare
platform supported TCP/IP and was Internet ready. Today, Novell is still very much
in the running. Web servers and other baseline Internet applications continue to
be written for the Novell platform. And, interestingly, Novell may measure out to
be as secure as any of its counterparts.
<H2><FONT COLOR="#000077"><B>Background</B></FONT></H2>
<P>NetWare has been with us a long time. The first version of NetWare was released
in 1983. To put that in perspective, consider this: MS-DOS had just emerged. Computer
enthusiasts were dreaming about the luxury of a 286 with 640KB RAM. It was less than
15 years ago, and when you think of it in these terms, it doesn't seem so far away.
However, measure that 14 years against the backdrop of the computer industry (which
has now exploded).</P>
<P>Since that time, NetWare has undergone some major changes. And, although it is
not really secure in its out-of-the-box state, NetWare has some substantial security
features. Control of what services run on what port is just as incisive in Novell
as it is in UNIX. The system is, in fact, nearly identical. For those of you who
are considering stringing your Novell network to the Net (which is now a popular
practice), I suggest getting some background in TCP/IP. Many excellent Ethernet administrators
familiar with IPX are less confident about their TCP/IP knowledge. This is where
standards really shine through and assist the administrator. TCP/IP is negotiated
in a similar fashion on almost every platform.</P>
<P>In NetWare, the file that governs your service is <TT>SYS:ETC\SERVICES</TT>. This
file contains a list of services that you will be running from out of your intranet
to the Internet at large. It is the equivalent of the <TT>/etc/services</TT> file
in UNIX. It is from this file that you pick and choose your services, which may include
TFTP, FTP, and Telnet. In this respect, a Novell network running TCP/IP could be
scanned in the same fashion as a UNIX box. The <TT>SYS:ETC\SERVICES</TT> file is
one to watch closely. Misconfigurations there can lead to security problems.</P>
<P>The discretionary access controls in NetWare are also formidable. In fact, Novell's
control of the system is quite granular. It extends, for instance, to time-based
restrictions. A user's access can be restricted to certain hours of the day and certain
days of the week. Users' passwords are subjected to aging and there are at least
rudimentary controls to reject passwords that are either too short or those that
have been used before.</P>
<P>Control over directories and files is good. For example, the following controls
can be placed on directories:

<UL>
	<LI>Delete inhibit--Files or directories marked with this attribute cannot be deleted
	by system users.<BR>
	<BR>
	
	<LI>Hidden--Files or directories marked with this attribute cannot be seen. (That
	is, if a user is snooping through a directory, he will not discover a directory or
	file so marked.) Also, any object marked with this attribute cannot be deleted or
	copied.<BR>
	<BR>
	
	<LI>Purge--This attribute causes a file to be purged, or obliterated from existence
	upon deletion. In other words, when the supervisor deletes files marked with this
	attribute (or files within a directory marked with this attribute), the files cannot
	be restored.
</UL>

<P>The control that NetWare offers over files is even more finely structured. In
addition to being able to apply any of these attributes to files, a Novell NetWare
system administrator can also apply the following:

<UL>
	<LI>Read only--This restricts users from altering the files.<BR>
	<BR>
	
	<LI>Execute only--Marks a file as execute-only, meaning that it cannot be copied,
	backed up, or otherwise &quot;taken away.&quot;<BR>
	<BR>
	
	<LI>Copy inhibit--Prevents Macintosh users from copying files.
</UL>

<P>These controls are impressive in an operating system. A comparative analysis of
Novell 3.<I>x</I>, for example, and Microsoft Windows for Workgroups is instructive.
Windows for Workgroups was an excellent platform on which to establish a network.
However, its security capabilities were practically nonexistent. In contrast, Novell
NetWare had advanced controls on all elements of the system.</P>
<P>Here is an interesting bit of trivia: Using the Novell NetWare operating system,
you can actually restrict the physical location at which a user can log in. That
is, you can specify that John can only log in from his own station. If he proceeds
to another computer, even just 6 feet away, he will be unable to log in. In order
for you to do this, however, you must specify that all users are restricted in the
same manner.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>NetWare also has provisions for
	a hierarchy of trust. That is, you can assign managers to each section of the LAN
	and assign a group of people to each manager. Thus, NetWare can be used to quickly
	and efficiently map out relationships of trust and authority that closely (if not
	precisely) parallel the actual levels of trust and responsibility between those within
	your organization. 
<HR>


</BLOCKQUOTE>

<P>The Novell NetWare network environment offers fine security. (It is not perfect,
but demonstrates advanced security techniques, even going back to Novell NetWare
3.<I>x</I>.) Novell NetWare 4.<I>x</I> is a very strong platform and has become popular
as a WWW server platform.</P>
<P>The flip side of this is that we have not yet seen Novell handle the void. In
closed network situations, Novell has proven to be an excellent networking platform.
The levels of security it provides will foil all but the most studious cracker or
hacker. Novell is just now getting a taste of the real outside world. It may not
be long before we see Novell security advisories floating around the Internet. Later
in this chapter, you will get a chance to see at least one flaw found only two months
prior to this writing. It is a hole that could allow a remote exploit. You'll also
learn about other exploits as we briefly look at the security of Novell.</P>
<P>One point I should explain here is why Novell holes have not surfaced in the same
way that UNIX holes have. The Novell NetWare environment is vastly different from
the UNIX environment. NetWare is used primarily in business settings. Many accounting
firms, law firms, and medical practices use NetWare as a networked platform. DOS-based
programs run well in NetWare, so you can use it for record keeping, accounting, and
billing.</P>
<P>NetWare also provides an attractive enough interface, and it is surprisingly lightweight
considering the wonderful networking job that it does. However, NetWare users and
UNIX users are disparate. NetWare users characteristically access DOS-based programs
through the shell. The shell provides a suitable menu interface. You simply move
the arrow down the list of choices and fire. It is a point-and-shoot type of environment
from that standpoint. Thus, although there are undoubtedly thousands of developers
that may work their craft on a Novell NetWare network, the majority of NetWare users
never really come into contact with the operating system level. To them, the underlying
framework is largely invisible.</P>
<P>In contrast, UNIX users regularly have contact with dozens (if not hundreds) of
commands at the operating system level. Because UNIX is a developer's platform (with
that development deeply rooted in the C programming language), UNIX users are more
intimately familiar with the nature of their operating system, its flaws, and its
virtues. On this account, hard-core analysis of the UNIX operating system is constantly
under way. This process is not only undertaken by developers for UNIX vendors, but
also by the people who rely on this strange operating system each day. As the general
knowledge of an operating system increases, so does the specific knowledge regarding
its holes.</P>
<P>Such in-depth analysis in NetWare is confined primarily to the developers who
created it. Their source code is proprietary and therefore, the computing community
has no reliable way of knowing what flaws, if any, exist in the NetWare operating
system. True, there may be fragmented efforts here and there to attack the binaries
of that operating system, perhaps searching for buffer overflows or other, lower-level,
problems.</P>
<P>The future will tell us all about NetWare, though, because it has now survived
that one giant step to the Internet. NetWare users now want their networks strung
to the Net. And, as I said at the beginning of this chapter, Novell had provisions
for strong TCP/IP support five years ago.</P>
<P>Throughout this chapter, I will take a look at NetWare security. Again, the purpose
of this book is not to cover one operating system extensively, but rather, to prepare
the user for general Internet security. By the time you reach the last quarter of
this book, I will be making references to all the operating systems covered up until
that point, often not only in the same chapter, but in the same paragraph. I have
tried to design this book so that by the time you reach that point, you will be well
prepared.</P>
<P>In short order, then, let's have a look at this old but revolutionary operating
system.
<H2><FONT COLOR="#000077"><B>NetWare Security in General</B></FONT></H2>
<P>NetWare has always been a platform that is attacked from within. That is, those
on the internal network are usually the enemy. A wide variety of attacks are available
if you are within close physical proximity of a NetWare server. Here are a few:

<UL>
	<LI>Down the machine, access the disk, and alter the bindery. When this machine reboots,
	the operating system will examine the bindery. It will determine that a valid one
	does not exist. Based on this information, it will reconstruct a new default bindery.
	When it does, all previous password protection will no longer exist.<BR>
	<BR>
	
	<LI>Load one of several network loadable modules (NLMs) that can (at least on 3.<I>x</I>
	and before) change, disable, or otherwise bypass the supervisor password.<BR>
	<BR>
	
	<LI>Attack the <TT>Rconsole</TT> password on earlier distributions of Novell. Reportedly,
	the algorithm used for the encryption of that password was poorly conceived. It is
	weak and passwords so encrypted can be cracked quite easily.
</UL>

<H2><FONT COLOR="#000077"><B>Default Passwords</B></FONT></H2>
<P>There is never a replacement for good system administration. Do you remember the
SGI exploit I examined at the beginning of this book? The Webforce line of computers
had a default login for the line printer. This login ID did not require a password.
This is referred to as a <I>passwordless account</I>. Almost every network operating
system has at least one account that already exists that does not require a password.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>When installing Slackware versions
	of Linux, for example, the process completes by you booting to a login prompt. The
	first time you log in, you log in as root without a password. It is left to the user
	to assign a password to the root account. Not all UNIX-based platforms work this
	way. For example, when you're installing SunOS by hand, one of the last options it
	requests is what the root password will be. Similarly, Red Hat Linux registers a
	password before the first boot load. This policy is probably a wise idea. 
<HR>


</BLOCKQUOTE>

<P>In NetWare, the supervisor account is passwordless on a fresh installation and
remains so until the supervisor assigns a password. (In other words, the operating
system never forces a password.) Moreover, there is a <TT>GUEST</TT> account created
at time of installation. If you do not feel that you will need this account, go into
<TT>SYSCON</TT> and delete it immediately. However, if you envision using this account
to provide guest access, assign a password to it immediately.
<H2><FONT COLOR="#000077"><B>Spoofing</B></FONT></H2>
<P>Spoofing is the act of using one machine to impersonate another by forging the
other's &quot;identity&quot; or address. It is not a baseline skill with crackers.
Either they know how to do it or they don't. The technique is talked about often
because of its uniqueness. It is a method of breaking into a remote host without
providing so much as a user ID or a password. For that reason, spoofing has developed
a mystique on the Internet (despite the fact that spoofing was known about at Bell
Labs more than 12 years ago).</P>
<P>There are different forms of spoofing. Typically, when we think of spoofing, we
have in our minds the notion of IP spoofing across the Internet. Certainly, this
is the most popular kind of spoofing among crackers because of the press coverage
that followed Kevin Mitnik's arrest. How-ever, there are different types of spoofing.
Here, I am referring to hardware address spoofing.</P>
<P>In Chapter 28, &quot;Spoofing Attacks,&quot; I address IP spoofing attacks. However,
it will suffice here to write that in 1985, at Bell Labs, it was determined that
spoofing was a viable procedure. A paper was posted to the Net on this subject. It
was four pages or so, describing how such an attack might someday be implemented.</P>
<P>Spoofing in the NetWare environment is not impossible; it is just difficult. Most
crackers advise that you can change the hardware address in the <TT>NET.CFG</TT>
file. However, it might not be as easy as this.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>The <TT>NET.CFG</TT> file contains
	parameters that are loaded on boot and connection to the network. This file includes
	many options to alter the configuration by hand (which is mighty useful because conventional
	configurations sometimes fail to &quot;come out right&quot;). To supplement this,
	changes may be made directly to the interface using this file. Options include number
	of buffers, what protocols are to be bound to the card, port number, MDA values,
	and, of course, the node address. 
<HR>