|
|
Enron Mail |
NETWORK WORLD NEWSLETTER: DAVE KEARNS
on NOVELL NETWARE 06/05/01 - Today's focus: A NetWare security scare? Dear Wincenty Kaminski, In this issue: * Is there any truth to a recent security alert? * Links related to Novell NetWare * Featured reader resource _______________________________________________________________ Get answers to the most important LAN questions. Yours. This FREE Network World Town Meeting brings you face-to-face with industry leaders willing to share their ideas, insights, experiences, and vision. So you have the knowledge to plan, build, support, and secure your LAN - now and in the future. For more information on this event visit http://nww1.com/go/2936406a.html _______________________________________________________________ Today's focus: A NetWare security scare? By Dave Kearns With all the fervor of a recent religious convert, an overzealous network manager has been posting the following message to every newsgroup and e-mail list that has anything remotely to do with NetWare: "Use sbcon on NetWare 5.x to perform a backup (either NDS or the file system), after submitting the job qman generates a couple of files. Look in the submitted job directory in sys:queues. Using any text editor open the file with the .q extension. What do you see? Surely not your password in plain text?" Novell is aware of this ridiculous security flaw but were you or your container administrators aware of this also? Is what the message says true? Is there really a problem? Well, yes and no. It is essentially true. The password of the user creating the backup is in plain text in the file. But in a well-regulated network, only the administrative user (or administrator equivalent) has read rights to that directory. In a well-regulated network, a separate user is created to run backups, then limited to logging in from one single PC. So if only the administrator can get to the file and read it, if the password can only be used at one PC (which, presumably, is locked in a room or in the administrator's office) there is no real security problem. Novell, and most well-read NetWare managers, have known about this for years. It's a sign of how low priority it is that no change has been made yet, or perhaps it's a sign of how few people use SBACKUP. In any case, there is no cause for alarm. _______________________________________________________________ To contact Dave Kearns: Dave Kearns is the Word Wrangler for Virtual Quill, a writing agency serving the computer and networking industries. If your target customer doesn't know your product, doesn't know its uses and doesn't know he needs it, he's not going to buy it. From books to reviews, marketing to manuals, VQ can help you and your business. Virtual Quill - "words to sell by..." Find out more at: http://www.vquill.com/, or by e-mail at mailto:info@vquill.com. _______________________________________________________________ RELATED EDITORIAL LINKS Novell spinoff lays off 10% of workforce - Computerworld, 05/24/01 http://www.nwfusion.com/news/2001/0524novellspin.html MarchFirst files for bankruptcy protection - IDG News Service, 04/13/01 http://www.nwfusion.com/news/2001/0413marchfirst.html Breaking Novell and NetWare news, updated daily: http://www.nwfusion.com/news/financial/novell.html Archive of the Novell NetWare newsletter: http://www.nwfusion.com/newsletters/netware/index.html ______________________________________________________________ FEATURED READER RESOURCE User Excellence Award If you've completed an interesting network project in the last 12 to 18 months, here's your chance to gain industry recognition for it. Network World is currently accepting nominations for its annual User Excellence Award. For more information and an online nomination form, go to http://www.nwfusion.com/nw/awards.html#excellence Deadline for submission is June 11. _______________________________________________________________ SUBSCRIPTION SERVICES To subscribe or unsubscribe to any Network World e-mail newsletters, go to: http://www.nwwsubscribe.com/news/scripts/notprinteditnews.asp To unsubscribe from promotional e-mail go to: http://www.nwwsubscribe.com/ep To change your e-mail address, go to: http://www.nwwsubscribe.com/news/scripts/changeemail.asp Subscription questions? Contact Customer Service by replying to this message. Have editorial comments? Write Jeff Caruso, Newsletter Editor, at: mailto:jcaruso@nww.com For advertising information, write Jamie Kalbach, Fusion Sales Manager, at: mailto:jkalbach@nww.com Copyright Network World, Inc., 2001 ------------------------ This message was sent to: vkamins@enron.com
|