
A sparekey to netware


July 1994 Network Security

Currently Notes is available behind corporate firewalls on enterprise LANs. Once Notes is placed on the Internet, it may need some additional security to protect the users and information. One industry watcher said that a way to combat the security problem would be to install a Notes/WWW server outside the firewall and not turn on its RSA public key certification security feature.

But Thorell said that the public key will provide a reasonable security solution and it will not be a barrier to Lotus' Internet objectives. "Besides", said Thorell, "it is unlikely that super confidential information will be placed on the servers anyway".

A SpareKey to Netware

Lisa Armstrong

Network managers need not be rendered frantic without access because of an absent supervisor or one who has departed the company with the system password. Computer Masters' SpareKey can grant backdoor passage to Novell NetWare 2.X and 3.X and eliminate the potential for server and network shutdown a missing password can instigate. SpareKey installs a doorway into the Novell system. The door opens a user account with supervisory rights which let one browse through the system and locate all network servers. This is a valuable device since NetWare doesn't really have tracking facilities for that level of access. The program will also work with bindery emulation on NetWare 4.X.

"SpareKey is particularly beneficial to a manager who doesn't directly supervise the network but is responsible for it", said Mark Morrell, SpareKey's author. Entrance through the backdoor is restricted by a password. Each copy of the SpareKey program contains a unique password so a backup copy of the distribution disk is mandatory. As installation of the program requires supervisor access, there are no security holes.

First released in 1993, SpareKey has updated its security features. All password and user names are encrypted now. The program incorporates checksum, a mathematical calculation which adds up all the characters in the file. If file contents have been changed, checksum's outcome will be altered.
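The following is an added example, not SpareKey's code: it shows what a checksum that "adds up all the characters" catches and what it misses, next to a SHA-256 digest. The 16-bit width, the helper names and the sample record are assumptions made for illustration.

```python
import hashlib

def additive_checksum(data: bytes, bits: int = 16) -> int:
    """Add up every byte value, keeping the low `bits` bits (width is assumed)."""
    return sum(data) % (1 << bits)

def sha256_hex(data: bytes) -> str:
    """Cryptographic digest of the same data, for comparison."""
    return hashlib.sha256(data).hexdigest()

def detection_report(original: bytes, candidate: bytes) -> dict:
    """Say which check notices that `candidate` differs from `original`."""
    return {
        "changed": original != candidate,
        "additive_detects": additive_checksum(original) != additive_checksum(candidate),
        "sha256_detects": sha256_hex(original) != sha256_hex(candidate),
    }

def flip_bit(data: bytes, index: int) -> bytes:
    """Accidental-style corruption: one bit flipped in one byte."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)

def swap(data: bytes, i: int, j: int) -> bytes:
    """Reorder two bytes; the set of values, and so their sum, is unchanged."""
    out = bytearray(data)
    out[i], out[j] = out[j], out[i]
    return bytes(out)

# Constructed sample record; not SpareKey's real file format.
ORIGINAL = b"account=backup-admin;rights=supervisor\n"

CASES = {
    "single bit flip": flip_bit(ORIGINAL, 8),
    "two bytes reordered": swap(ORIGINAL, 0, 1),
}

def run_cases() -> dict:
    """Run both constructed modifications through both checks."""
    return {name: detection_report(ORIGINAL, data) for name, data in CASES.items()}

if __name__ == "__main__":
    for name, report in run_cases().items():
        print(f"{name:22} {report}")
```

A plain sum flags the bit flip but not the reordering, so it is a guard against accidental corruption rather than deliberate modification; a cryptographic digest kept separately from the file covers both.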

"SpareKey's one weakness is that it is only as secure as the disk", says its creator, "It's a tool one can get and sit on. Hopefully, the buyer will never have to use it." Mr. Morrell recommends keeping the disk in a safe or safety deposit box.

Like that extra car or house key some of us think to leave at a friend's house, SpareKey can save a lot of time and expense should we lose our own. The program costs US$295 for a single server, $895 for a site license and $1295 for a service license.

Security in a Client Server Environment

Dr L.G. Lawrence, Vonaldy Pty Ltd

The object of this article is to identify the risks that are run in the network and communications aspects of a client/server environment and thus help to define what security controls ought to be put in place for these. However, before it is possible to do this we need to define what is meant by 'Client/Server' systems.

Definitions

Client/server architecture

In an article in Informatics, the ACS magazine, in October 1993, Dr. Robertson-Dunn gave a definition of client/server as:

"A model of computing in which a system is partitioned into modules where commands and responses pass between modules such that one module acts as a request agent (the client) and another acts as a service provider (the server).

The server keeps no requester specific information or states. This means that each command is complete and is not dependent on previous or future commands. It is possible for a server to also act as a client by requesting services of another server."

The definition can be represented pictorially as in Figure 1.

This definition has nothing specific about network operation or communications. In fact a client/server architecture can be adequately developed within a single system. But this is not the impression of most people who seem to consider it necessary to have separated systems for a client/server approach to be possible. In the most commonly understood interpretation, A, B, and C in Figure 1 would be

©1994 Elsevier Science Ltd