Re: More Rconsole stuff

From: Simple Nomad (thegnomeat_private)
Date: Mon Oct 12 1998 - 14:13:55 PDT

    > Since when is SYS:ETC readable by everyone???  Not on my default NetWare
    > install!  You might want to check your rights at the root of SYS or see if
    > some knucklehead gave read rights at the ETC directory.
    
    If you are running NFS name space on SYS: and using Novell's FTPSERV.NLM,
    a passive connection "gives" the rights. This is an older bug, and Novell
    never did state whether it got fixed. Removing the rights does not help.
    You have to NOT use NFS name space or not use FTPSERV.NLM.
    
    > I still go back to my original statement - RCONSOLE, although it appears
    > subject to compromise, it's still difficult to do.  The data destruction
    > threat is more likely than the threat of the system being compromised for
    > inappropriate access.  BTW - if you have a firewall, SPX won't work.  If
    > you're running IP via XCONSOLE (included with NetWare/IP or the older
    > Flex/IP product), you can easily set up deny rules to prevent telnet
    > sessions to your NetWare servers.  Also, truly truly paranoid people can put
    > a firewall between their internal net and the NetWare servers, if you're
    > interested in adding a hop (and some serious latency) into the network in
    > the name of security ;-).
    
    I go back to my original statement -- don't use RCONSOLE at all.
    
    > As for the internal threat, that's easy to deal with from where I stand.
    > Scare someone into realizing his/her job is at stake and that it's a felony
    > to compromise computer data or systems, and you should be able to deter the
    > internal threat somewhat.
    
    Of course this assumes you have an employee you're dealing with that is
    threatened by this. When I stated internal threat, I should have clarified
    that. In the scenario we've been discussing the easiest threat that takes
    advantage of the RCONSOLE stuff is an internal network threat, i.e. a
    workstation "inside" the firewall. This could be an employee, a
    contractor, a vendor, a visitor, or a janitor. Or it could be dialup
    access.
    
        Simple Nomad    //  "When viewed as a metaphor for the human
     thegnomeat_private  //    condition, the humble GNU C compiler
        www.nmrc.org    //         becomes an endless enigma."
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:19 PDT