A quick Warning

No matter how secure you would like to believe your network is, it probably isn't. The longer your network has been installed without a major overhaul, the worse off you probably are. This really isn't anyone's fault: it's hard to keep track of everything on your network. Remember that little change you made a year ago so your president could get to his files more easily while on the road? Well, did you ever disable it? Hmmm... Good question, eh?

Starters

  1. The first thing you need to do is document who should have access to what. Split your users up into groups; some blurring is okay, but try to keep the groups close to business lines (it's easier to keep track of).
  2. Make sure your users belong to the groups they need to, and to no more. Eliminate all explicitly granted rights, and move everything into group definitions. This alone cleans up most security holes.
  3. Double check the security newsgroups for your network (Netware, NT, etc) and see what other major points they can give you. Most holes are opened by giving your users excessive rights. Audit these, and you'll be well on your way to cleaning things up.
  4. Stay up to date on patches! Also subscribe to the CERT mailing list, and check out the Computer Emergency Response Team's home page.
  5. Better than CERT is now BugTraq, available at majordomo@netspace.org. This is a relatively low-volume mailing list, with very good information every day.

What now?

Well, I'll update this some more in the future. For now, keep these things in mind, and work to make your users happy with the new restrictions some of them may be feeling. Above all, good luck!

I've now got some links to some interesting sites:

  • Greg Miller's home page - covers crypto, AI, Netware, and some misc other stuff...
  • 'nother NW hack page - some more archived utils and interesting ideas...
  • The Little Page - Netware utils (one really nice one)
  • The Nomad Mobile Research Centre - the penultimate site

Some new stuff - Unix holes

If you've heard about the cgi-bin/phf hole, don't bother reading this. By examining this bug in detail, I've determined that it's a serious flaw on any web server. This CGI script allows remote execution of arbitrary commands on the file server - very bad!

Here - check out this little hole on nida.eng.wayne.edu - I'll do a ps -aux and display all the processes running on the machine.

You can type your own commands in here, but you need to insert an ASCII 10 (^J) after the first character and your command:
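If you run a web server, the phf hole above is worth looking for in your own access logs, and the script should be removed from cgi-bin outright. The following Python script is an added example, not part of the original page: it scans constructed Common Log Format lines (sample values only, no real server) for requests to /cgi-bin/phf and escalates any whose query string decodes to a newline, the ASCII 10 trick the text describes.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in Common Log Format; hosts and timestamps are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/1996:10:01:02 -0400] "GET /index.html HTTP/1.0" 200 1043
10.0.0.7 - - [12/Oct/1996:10:02:15 -0400] "GET /cgi-bin/phf?Qalias=jdoe HTTP/1.0" 200 512
10.0.0.9 - - [12/Oct/1996:10:03:44 -0400] "GET /cgi-bin/phf?Qalias=x%0a/bin/ps%20-aux HTTP/1.0" 200 3890
10.0.0.9 - - [12/Oct/1996:10:04:01 -0400] "GET /cgi-bin/phf?Qalias=x%0D%0A/bin/ps HTTP/1.0" 200 3890
"""

# Pull the client address, timestamp, method and request URL out of one log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)'
)


def classify_request(url):
    """Return None, 'phf-access' or 'phf-newline-injection' for one request URL."""
    path, _, query = url.partition("?")
    if not path.endswith("/cgi-bin/phf"):
        return None
    # Decode percent-encoding once so %0a, %0A and %0d become the bytes the server saw.
    decoded = unquote(query)
    if "\n" in decoded or "\r" in decoded:
        return "phf-newline-injection"
    # Any hit on phf at all is worth a look: the script should not be installed.
    return "phf-access"


def scan_log(text):
    """Return (client_ip, verdict, url) for every phf request found in the log text."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        verdict = classify_request(m.group("url"))
        if verdict:
            findings.append((m.group("ip"), verdict, m.group("url")))
    return findings


if __name__ == "__main__":
    for ip, verdict, url in scan_log(SAMPLE_LOG):
        print(f"{verdict:24} {ip:12} {url}")
```

The check decodes the query string only once, so a double-encoded newline (%250a) would not be caught; on a server that decodes twice, add a second unquote pass.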