> Ok, here's a very simple solution: Buy a switch.

Actually, switches do help, but they also run the risk of people actually believing that their switched connections are private, lulling you into a false sense of security. Most switches have some facility to allow you to monitor another port, the traffic of an entire VLAN, or even all traffic in the switch. If your switch is compromised, someone could listen in on your workstation conversations, which you thought were private. The monitoring could happen when the compromised switch is directed to pass all packets to a compromised system. Yes, both a system on the switch and the switch itself have to be compromised, but there are plenty of compromises about for workstations that make this rather doable once you can compromise the switch.

The other thing is about Novell's SYS:ETC directory having read and file scan. When you install Novell's FTP server, this installation adds just such a trustee to SYS:ETC. If you remove the trustee, then FTP logging breaks. Of course, the current version of FTP (at least prior to NW 5) is also known to have copious security problems, so anyone who uses it should beware.

For more info on this and other bad NetWare security problems, be sure to visit http://www.nmrc.org and look at the Unofficial Netware Hack FAQ.

Chris
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:28 PDT