Novell Netware
Novell Netware is a high quality, fast, network server. However, it has a number of problems.
The administrators
Novell has been originally been targeting the PC-market, and it definatly shows among the administrators. Many administrators has previously only had experience of insecure computing (using DOS and other singel user operating systems), and once they get “networked”, they move their insecure computing habits onto their networks. If you study Network setups, you are likely to find numerous insane setups. The antivirus software for networks wouldn’t be much needed if it wasn’t for bad administrators.
The users
The typical user is untaught, will use bad passwords etc. This is true for all operating systems. But Novell is often used in schools with lots of young teenagers, the systems also have numerous users who wants to learn security. And as these schools typically don’t offer such courses, the obvious result is that they’ll instead have pupils trying to learn security by breaking into the file server. This in conjunction with bad administrators can only end in problems.
Access Controll Lists
The ACL isn’t really hard to understand, but if you don’t think twice or jump around from NT to Unix to Netware, even the best can get confused. In a network which an Eleventh Alliance member was temporarily supervising, it turns out a Certified Network Engineer (CNE) had confused the settings in a very sever way which had devestating effects upon the security of the network. After notifying the CNE, it was fixed instantly. This shows that even the best sometimes makes misstakes here.
The filters
For some (insane) reason, Novell choose to add filters to just about any kind of ACL. This is bad, very bad. You can setup a file directory to look empty (an experienced administrator might notice this, but if he has no great reason to be suspicious he will surely miss this) and worse, you can hide users using ACL filters.
The backward compability – “security equal to”
Novell has a great, secure ACL system which would offer great security – if it wasn’t for some “support old-features” policy at novell. They added an old, terrible insecure feature known as” security equal to” just because the existence of such a feature in previous Novell versions. This means if a malicious user ever get write-access to any other object, he can easily backdoor the system (and in effect he get write access to all objects). Worse, a number Novell administrator books hardly point out these problems clearly (Novell’s Guide to Novell Netware 4.1 Networks mentions using “security equal” to ‘temporarily’ give some one access to certain objects, which is not very intelligent to do because in several situations that’s trivial to exploit into a backdoor).
The workstations
The typical Novell Network uses DOS, Windows 3.x or Windows 9x. These are all insecure operating systems which are simple to backdoor. Also, several companies use Windows NT rather badly setuped. In some installations, local administrator and network administrator is set to the same password, so the attacker basicly just has to crack a local workstation to become network administrator.