A quick Warning
No matter how secure you would like to believe your network is, it probably
isn't. The longer your network has been installed without a major overhaul,
the worse off you probably are. This really isn't anyone's fault: it's
hard to keep track of everything on your network. Remember that little
change you made a year ago so your president could get to his files more easily
while on the road? Well, did you ever disable it? Hmmm... Good question,
eh?
Starters
- The first thing you need to do is document who should have access
to what. Split your users up into groups; some blurring is okay, but try
to keep the groups close to business lines (it's easier to keep track of).
- Make sure your users belong to the groups they need, and to no more.
Eliminate all explicitly granted rights, and move everything into group
definitions. This alone closes most security holes.
- Double-check the security newsgroups for your network OS (Netware, NT,
etc.) and see what other major points they can give you. Most holes are
opened by giving your users excessive rights. Audit these, and you'll be
well on your way to cleaning things up.
- Stay up to date on patches! Also subscribe to the CERT
mailing list, and check out the Computer
Emergency Response Team's home page.
- Better than CERT now is BugTraq, available at majordomo@netspace.org. This is a relatively low-volume mailing list with very good information every day.
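The second and third points above amount to an audit: find every right granted directly to a user, and decide whether it is already covered by the user's groups (redundant, so it can be deleted) or not (so a group should be created or extended before it is deleted). The script below is an added example and not part of the original page; the group list, the NetWare-style trustee rights letters and the share paths are constructed sample data, and the function names are my own.

```python
# Audit explicit user trustee assignments against group-based ones.
# Constructed sample data: a few groups and a handful of rights assignments.
# Rights are NetWare-style letters (R=Read, W=Write, C=Create, E=Erase,
# M=Modify, F=File scan, A=Access control, S=Supervisor).

GROUPS = {
    "sales":   {"alice", "bob"},
    "finance": {"carol"},
    "admins":  {"dave"},
}

# Each assignment: (resource, principal, principal_kind, rights)
ASSIGNMENTS = [
    (r"\\FS1\SALES",   "sales",     "group", "RWCEMF"),
    (r"\\FS1\SALES",   "alice",     "user",  "RWCEMF"),  # already covered by 'sales'
    (r"\\FS1\FINANCE", "finance",   "group", "RWCEMF"),
    (r"\\FS1\FINANCE", "bob",       "user",  "RF"),      # no group gives bob this
    (r"\\FS1\PRES",    "president", "user",  "RWCEMF"),  # that 'road access' change
]


def rights_via_groups(user, resource, assignments, groups):
    """Union of the rights `user` receives on `resource` through group trustees."""
    have = set()
    for res, principal, kind, rights in assignments:
        if res == resource and kind == "group" and user in groups.get(principal, set()):
            have |= set(rights)
    return have


def audit_explicit_rights(assignments, groups):
    """Return one finding per user-level assignment.

    status is one of:
      redundant  - every explicit right is already granted via a group; safe to delete
      uncovered  - some rights come only from the explicit grant; fix the groups first
      no-group   - the user is in no group at all; this is the kind of one-off to hunt down
    `extra` lists the rights that would be lost if the explicit grant were deleted today.
    """
    member_of_any = set().union(*groups.values()) if groups else set()
    findings = []
    for res, principal, kind, rights in assignments:
        if kind != "user":
            continue
        wanted = set(rights)
        covered = rights_via_groups(principal, res, assignments, groups)
        if principal not in member_of_any:
            status = "no-group"
        elif wanted <= covered:
            status = "redundant"
        else:
            status = "uncovered"
        findings.append({
            "resource": res,
            "user": principal,
            "status": status,
            "extra": "".join(sorted(wanted - covered)),
        })
    return findings


if __name__ == "__main__":
    for f in audit_explicit_rights(ASSIGNMENTS, GROUPS):
        print(f"{f['status']:10} {f['user']:10} {f['resource']:16} extra={f['extra'] or '-'}")
```

Run it against an export of your real trustee list in the same shape; anything reported as redundant can go immediately, and the uncovered and no-group entries are the explicit grants that need a group definition before they are removed.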
What now?
Well, I'll update this some more in the future. For now, keep these
things in mind, and work to make your users happy with the new restrictions
some of them may be feeling. Above all, good luck!
I've now got some links to some interesting sites:
- Greg Miller's home page - covers crypto, AI, Netware, and some misc other stuff...
- 'nother NW hack page - some more archived utils and interesting ideas...
- The Little Page - Netware utils (one really nice one)
- The Nomad's Mobile Research Center - the penultimate site
Some new stuff - Unix holes
If you've heard about the cgi-bin/phf hole, don't bother reading this.
By examining this bug in detail, I've determined that it's a serious flaw
on any web server. This CGI script allows remote execution of arbitrary
commands on the file server - very bad!
Here - check out this little hole on nida.eng.wayne.edu - I'll do a
ps -aux and display all the processes running on the machine.
You can type your own commands in here, but you need to insert an ASCII
10 (^J) after the first character and your command:
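From the defender's side, the same detail the demo relies on (an ASCII 10 inside the query string sent to phf) is what makes abuse easy to spot in the web server's access log, and the fix at the time was simply to delete phf from cgi-bin. The scanner below is an added example and not from the original page; the common-log-format lines are constructed, and the regular expression, function names and verdict labels are my own.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (NCSA common log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/1996:14:02:11 -0400] "GET /index.html HTTP/1.0" 200 1043
10.0.0.9 - - [12/Oct/1996:14:03:40 -0400] "GET /cgi-bin/phf?Qalias=smith HTTP/1.0" 200 512
192.0.2.77 - - [12/Oct/1996:14:05:02 -0400] "GET /cgi-bin/phf?Qalias=x%0Aps%20-aux HTTP/1.0" 200 2210
"""

# One common-log-format line: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+)$'
)


def classify_request(target):
    """Return a verdict for one request target, or None if phf is not involved.

    A request to phf is only interesting if its query string decodes to
    something containing a newline (or carriage return): that is the ASCII 10
    the page describes, and there is no legitimate reason for it to be there.
    """
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/cgi-bin/phf"):
        return None
    decoded = unquote(parts.query)
    if "\n" in decoded or "\r" in decoded:
        return "phf-newline-injection"
    return "phf-access"


def scan_log(text):
    """Parse access-log text and return one finding per phf request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        verdict = classify_request(m.group("target"))
        if verdict is None:
            continue
        findings.append({
            "host": m.group("host"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "verdict": verdict,
        })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['verdict']:24} {f['host']:15} status={f['status']} at {f['time']}")
```

A plain phf access is worth knowing about (it tells you the script is still installed), while the newline verdict with a 200 status is the one to treat as a confirmed command execution and to follow up on the host in question.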