Top Document: comp.os.netware.security FAQ Previous Document: Section 3: Help Next Document: 3.02 - I've lost the supervisor password. See reader questions & answers on this topic! - Help others by sharing your knowledge The most important rule is to lock the server console. At least one method has been posted a couple of times which explains how to switch off password verification using the server internal debugger. Anyone with console access can obtain supervisor access. Place any useful NLMs in SYS:SYSTEM and then add the following line to AUTOEXEC.NCF: SECURE CONSOLE Disable use of unencrypted passwords. Either type the following, or add it to the AUTOEXEC.NCF: SET ALLOW UNENCRYPTED PASSWORDS OFF If you have NCP packet signatures installed, add the following line to AUTOEXEC.NCF: SET NCP PACKET SIGNATURE OPTION = 3 Use a password different from the Supervisor password for RCONSOLE. Load the MONITOR NLM and lock the console. Remember that access to the backups is just as bad as access to the server. Keep the backups secure too. Some other suggestions: Limit number of Supervisor accounts (not too many, but keep at least one, unless using the SUPER utility described below). Enable intruder detection and lockout. Require unique passwords on all accounts. Login as Supervisor as little as possible. Use the SUPER.EXE program, written by Wolfgang Schreiber, which will toggle instant supervisor-equivalency to a user. This isn't a loophole, since some preparation has to be done on the accounts which should be able to gain supervisor-equivalency, and those accounts will be reported by the SECURITY utility. SUPER is available from netwire (Look on ftp.novell.de or ftp.novell.com). User Contributions:Top Document: comp.os.netware.security FAQ Previous Document: Section 3: Help Next Document: 3.02 - I've lost the supervisor password. Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: F.U.Mirza@sheffield.ac.uk (Fauzan Mirza)
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: