home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!haven.umd.edu!darwin.sura.net!jvnc.net!netnews.upenn.edu!netnews.cc.lehigh.edu!news
- From: kev@inel.gov (Kevin Hemsley)
- Newsgroups: comp.virus
- Subject: Re: NetWare and viruses - some new results (PC)
- Message-ID: <0008.9209021551.AA11708@barnabas.cert.org>
- Date: 24 Aug 92 21:07:45 GMT
- Sender: virus-l@lehigh.edu
- Lines: 69
- Approved: news@netnews.cc.lehigh.edu
-
- Mr. Fred Cohen writes:
-
- >Test 1: Exhaustive test of netware preotection setting on files and
- >directories against common viruses.
- >
- >Result: Only 3 of the 15 bits provide any protection - Execute ONLY?
- >NO GOOD!!! Read ONLY? NO GOOD!!!
- >
- >Result: Novell manuals are completely backwards in their depiction of the
- >rights granted through inheritance!!! If you follow the manual,
- >you get wiped out!
-
- I'm not sure what you mean by exhaustive test, but I think that if you
- review your test results again, you will find the following:
-
- 1. There is a clear distinction between NetWare RIGHTS and ATTRIBUTES.
- Attributes are an emulation and an extension of regular DOS file
- attributes. Rights are NetWare's own security implementation.
-
- 2. Viruses cannot directly alter _ASSIGNED EFFECTIVE RIGHTS_. Rights
- security controls which directories, subdirectories and files a user
- can access and what the user is allowed to do with them. Rights
- Security supersedes attribute security, in that a user must first be
- given access to a directory, subdirectory or file before attributes
- can be defined for each.
-
- 3. The Supervisory right overrides any restrictions placed on
- subdirectories or files with an _INHERITED RIGHTS MASK_. Use of the
- Supervisory right will directly contribute to virus propagation when
- assigned independently, or in conjunction with any other combination
- of rights.
-
- 4. A virus which has Read, Write and File Scan rights, can infect
- target files. Therfore careful consideration should be given to use
- of the Write right.
-
- 5. In addition to the basic attributes of Archive, Read Only, System
- and Hidden, NetWare adds several other attributes to extend the
- limitations of DOS attributes. NetWare attributes are less effective
- against viral infection because of NetWare's excellent emulation of
- DOS. All DOS attributes can be changed by viruses. Only one
- attribute does not seem to be emulated exactly by NetWare. This is
- the System attribute. Use of the System attribute prohibits viral
- infection. The only other attribute which stops viral infection, out
- of the _18_ NetWare attributes is the Execute Only attribute.
-
- Because of the risk of Supervisor privilege misuse, Network
- administrators should not rely 100% on NetWare for protection.
- However, IMHO, careful assignment of rights will provide a better
- protection against virus propagation than no protection at all.
- Careful management of NetWare rights combined with an integrity check
- at login time will go a long way to keeping a LAN clean.
-
- I encourage Mr. Cohen to redesign his tests with a better
- understanding of Rights and Attributes. If your basic theory is to
- prove that NetWare Attributes are not effective against viruses, you
- will essentially be correct, however if your basic theory is that
- NetWare Rights are not effective against viruses, then you will, in
- general, be incorrect.
-
- I believe that if you reread the red books, you will find that they
- are correct their description of inheritance.
-
- --
- Kevin Hemsley | The cute message that used to
- Information & Technical Security | be here was destroyed by a
- Idaho National Engineering Laboratory | nasty .sig virus!
- (208) 526-9322 |
- kev@inel.gov | Please control your .sigs.
-
