ch18.htm

Maximum Security (First Edition) 网络安全 英文版

<H3><FONT COLOR="#000077"><B>Login Protocol of NetWare 3.12 Flawed</B></FONT></H3>
<P>In October 1996, Greg Miller posted an advisory and an accompanying paper to the
Net demonstrating a successful attack against the login procedure in Novell 3.12.
The procedure involved an interruption of the login process in real-time.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>A complete explanation
	of Miller's process is available at <A HREF="http://geek-girl.com/bugtraq/1996_3/0530.html"><TT>http://geek-girl.com/bugtraq/1996_3/0530.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>The attack technique is a form of spoofing and is dependent on many things. (In
other words, this is neither an easily implemented nor widely known technique.) The
following are the limitations on the attack:

<UL>
	<LI>The attacker must be able to view, monitor, or somehow anticipate the login attempts
	of legitimate users.<BR>
	<BR>
	
	<LI>The targeted server must allow unsigned packets.
</UL>

<P>The process works as follows: The attacker sends a request for a login key. The
server promptly responds with this key. The attacker then waits for a legitimate
user to issue a similar request. When such a request occurs, and before the server
can respond to the legitimate user, the attacker sends his login key to the legitimate
user. The legitimate user's machine takes the bogus key as authentic and therefore
ignores any further keys. (Thus, the legitimate user's remaining authentication will
be based on an invalid key.) What remains is for the attacker to watch the rest of
the exchange between the legitimate user and the server. The legitimate user's machine
calculates a value based on a user ID sent from the server. It is this value that
the attacker wants. The attacker can now log in as the legitimate user. (And of course,
the legitimate user is now denied access.) It is an extraordinary hole. Duplication
of this procedure in the void would be extremely difficult but not impossible. I
think that at a minimum, the attacker would have to be familiar with the targeted
server and the habits of those who routinely use it. Nevertheless, it is a hole and
one that does allow a remote individual to gain access.</P>
<P>These types of exploits for NetWare are rare.
<H3><FONT COLOR="#000077"><B>Login Script Vulnerability</B></FONT></H3>
<P>Under Novell 2.<I>x</I> and 3.<I>x</I>, if the supervisor fails to define a login
script, a potential hole exists because crackers can place a login script into the
supervisor's mail directory. It is unclear exactly what level of compromise this
might lead to. Certainly, the supervisor's password can be captured. Furthermore,
the number of parameters available to the author of a login script are many. In practice,
it seems absurd that a supervisor would fail to create a login script, but I have
seen some use the default. These are usually first-time administrators. This problem
has been remedied in later versions of the software.</P>
<P>One thing that you will readily notice about the Novell NetWare platform is that
most of the methods used to crack it require some local, physical access. In all
other respects, Novell NetWare is a strong platform, primarily because of its advanced
access controls.</P>
<P>However, my earlier point is still relevant. NetWare has not yet run the gauntlet.
As more NetWare servers are erected on the Net, we may see a shift.
<H2><FONT COLOR="#000077"><B>Utilities</B></FONT></H2>
<P>The following sections describe a few utilities that are of some help in either
securing your server or managing your network.
<H3><FONT COLOR="#000077"><B>WSetPass 1.55</B></FONT></H3>
<P>WSetPass 1.55 was designed by Nick Payne for system administrators to manage user
passwords over multiple servers. It works for NetWare 2, 3, and 4.<I>x</I> passwords
and runs on Windows 3.1<I>x</I>, Windows 95, and Windows NT 4.0. It allows you to
mix and match servers and sync the password update across all servers in the network.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>WSetPass 1.55 is available
	at <A HREF="http://ourworld.compuserve.com/homepages/nick_payne/wsetpass.zip"><TT>http://ourworld.compuserve.com/homepages/nick_payne/wsetpass.zip</TT></A>.
	
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>WnSyscon 0.95</B></FONT></H3>
<P>WnSyscon 0.95 is SYSCON for Windows, really. It allows you to administer your
Novell NetWare Server from a Windows platform. You can perform all the same basic
operations that you would if you were at the file server console. The author of WnSyscon
0.95 is unknown.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>WnSyscon 0.95 is available
	at <A HREF="ftp://ftp.novell.com/pub/nwc-online/ utilities/wnscn095.zip"><TT>ftp://ftp.novell.com/pub/nwc-online/
	utilities/wnscn095.zip</TT></A>. 
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>BindView EMS</B></FONT></H3>
<P>BindView EMS is a powerful network management and security tool. This tool can
effectively analyze your network for security holes and identify problem areas, disk
usage, user rights, and even user rights inheritance. You can also examine the state
of objects, including all attributes on files. This is a substantial package for
network management and it is a commercial product.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>BindView EMS is available
	at <A HREF="http://www.bindview.com:80/products/nosadmin3.html"><TT>http://www.bindview.com:80/products/nosadmin3.html</TT></A>.
	
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>SecureConsole</B></FONT></H3>
<P>SecureConsole is a security product from Australia that adds significant enhancements
to your security. It is designed to protect the file console and adds greater access
control and some deep auditing.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>SecureConsole is available
	at <A HREF="http://www.serversystems.com/secure.htm"><TT>http://www.serversystems.com/secure.htm</TT></A>.
	
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>GETEQUIV.EXE</B></FONT></H3>
<P>GETEQUIV.EXE is a security-related application that analyzes privilege equivalencies
between users on the Net. (Wouldn't you be surprised to find that someone has supervisor
equivalency?) It's a solid tool and one that quickly sums up security levels.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>GETEQUIV.EXE is available
	at <A HREF="http://mft.ucs.ed.ac.uk/novell/techsup/freedos.htm"><TT>http://mft.ucs.ed.ac.uk/novell/techsup/freedos.htm</TT></A>.
	
<HR>


</BLOCKQUOTE>

<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>Although few people speak of Novell in the present tense, Novell has in fact made
innovations that are relevant to the Internet. Indeed, Novell is still in the running,
and Web servers and other Internet applications continue to be written for the Novell
platform.
<H3><FONT COLOR="#000077"><B>Resources</B></FONT></H3>
<P>Here you will find resources related to Novell NetWare security. Some are books,
some are articles, some are Web sites, and some are newsgroups. You will find that
in the past two years, many more sources have cropped up. This is especially so now
that NetWare sports its own Web server package, which has strong security. It stands
in a similar light to the Webstar server, primarily because UNIX is where most of
the security research has been done by crackers.
<H4><FONT COLOR="#000077"><B>Publications</B></FONT></H4>
<P>Following is a list of publications on NetWare security. You will notice that
the majority are older. Newer treatments tend to focus on safely integrating NetWare
networks into other systems. (As I mentioned, many legacy networks are now being
migrated to the Internet, especially those with databases.) This is by no means an
exhaustive list, but it will certainly help the new system administrator get started.</P>
<P><B>Books</B></P>


<BLOCKQUOTE>
	<P><B>NetWare Security.</B> William Steen. New Riders Publishing. 1996.</P>
	<P><B>Novell's Guide to Integrating NetWare and TCP/IP.</B> Drew Heywood.<I> </I>Novell
	Press/IDG Books Worldwide. 1996.</P>
	<P><B>NetWare Unleashed (Second Edition).</B> Rick Sant'Angelo. Sams Publishing.
	1995.</P>
	<P><B>A Guide to NetWare for UNIX.</B> Cathy Gunn. Prentice Hall. 1995.</P>
	<P><B>NetWare LAN Management ToolKit.</B> Rick Segal. Sams Publishing. 1992.</P>
	<P><B>The Complete Guide to NetWare 4.1.</B> James E. Gaskin. Sybex Publications.
	1995.</P>
	<P><B>Building Intranets on NT, NetWare, Solaris: An Administrator's Guide.</B> Tom
	Rasmussen and Morgan Stern. Sybex. 1997.</P>
	<P><B>The NetWare to Internet Connection.</B> Morgan Stern. Sybex. 1996.</P>
	<P><B>NetWare to Internet Gateways.</B> James E. Gaskin. Prentice Hall Computer Books.
	1996.</P>
	<P><B>Novell's Guide to NetWare LAN Analysis.</B> Dan E. Hakes and Laura Chappell.
	Sybex. 1994.</P>
	<P><B>Novell's Four Principles of NDS.</B> Jeff Hughes. IDG Books Worldwide. 1996.</P>
	<P><B>NetWare Web Development.</B> Peter Kuo. Sams Publishing. 1996.</P>

</BLOCKQUOTE>

<P><B>Magazines and Journals</B></P>


<BLOCKQUOTE>
	<P><B>The NetWare Connection.</B>

</BLOCKQUOTE>


<UL>
	<UL>
		<LI><A HREF="http://www.novell.com/nwc/"><TT>http://www.novell.com/nwc/</TT></A>
	</UL>
</UL>



<BLOCKQUOTE>
	<P><B>Inside NetWare.</B>

</BLOCKQUOTE>


<UL>
	<UL>
		<LI><A HREF="http://www.cobb.com/inw/index.htm"><TT>http://www.cobb.com/inw/index.htm</TT></A>
	</UL>
</UL>



<BLOCKQUOTE>
	<P><B>Institute of Management and Administration.</B>

</BLOCKQUOTE>


<UL>
	<UL>
		<LI><A HREF="http://www.ioma.com/ioma/mlc/index.html"><TT>http://www.ioma.com/ioma/mlc/index.html</TT></A>
	</UL>
</UL>

<H4><FONT COLOR="#000077"><B>Usenet Newsgroups</B></FONT></H4>
<P>The following is a list of NetWare-related Usenet newsgroups:

<UL>
	<LI><A HREF="news:comp.os.netware.announce"><TT>comp.os.netware.announce</TT></A>--NetWare
	announcements
	<LI><A HREF="news:news:comp.os.netware.connectivity"><TT>comp.os.netware.connectivity</TT></A>--Connectivity
	products
	<LI><A HREF="news:comp.os.netware.misc"><TT>comp.os.netware.misc</TT></A>--General
	NetWare topics
	<LI><A HREF="news:comp.os.netware.security"><TT>comp.os.netware.security</TT></A>--NetWare
	security issues
</UL>

<CENTER>
<P>
<HR>
<A HREF="../ch17/ch17.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch19/ch19.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>