CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [127]
The heart of NetWare security is the Novell Directory Service (NDS) or eDirectory (for newer Novell implementations). NDS and eDirectory maintain information about rights, access, and usage on a NetWare-based network.
A number of additional capabilities make NetWare a product worth evaluating in implementation. These include e-commerce products, document retrieval, and enhanced network printing.
Prior to version 5, NetWare defaulted to the proprietary IPX/SPX protocol for networking. All newer versions of NetWare default to TCP/IP.
Hardening Apple Macintosh
Macintosh systems seem to be the most vulnerable to physical access attacks targeted through the console. The network implementations are as secure as any of the other systems discussed in this chapter.
Macintosh security breaks down in its access control and authentication systems. Macintosh uses a simple 32-bit password encryption scheme that is relatively easy to crack. The password file is located in the Preference folder; if this file is shared or is part of a network share, it may be vulnerable to decryption.
Macintosh systems also have several proprietary network protocols that aren’t intended for routing. Recently, Macintosh systems have implemented TCP/IP networking as an integral part of the operating system.
To secure the system, you should verify that it is not configured to automatically log in a user at startup. Every system must require a username and password in order to gain access to the Mac itself, as well as to the network.
You should also configure a screensaver to automatically deploy after a few moments of inactivity. The screensaver can be any that you want to use as long as it requires a password to resume the session.
OS X, the successor to Macintosh, is a descendant of BSD-based Unix. As such, the information described in “Hardening Unix/Linux” applies.
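The two checks described above (no automatic login, and a password-protected screensaver that starts after a short idle period) can be audited from a shell on OS X. This is an added example, not part of the study guide: the function names are hypothetical, the 300-second idle limit is an assumed reading of "a few moments", and the preference keys are those used by OS X releases, which newer macOS versions may store elsewhere.

```shell
#!/bin/sh
# Added example: audit automatic login and screensaver locking on OS X.
MAX_IDLE=300   # assumed threshold, in seconds, for "a few moments"

# evaluate AUTOLOGIN_USER ASK_FOR_PASSWORD IDLE_SECONDS
# Prints one finding per line; returns 0 when compliant, 1 otherwise.
evaluate() {
    auto_user=$1; ask=$2; idle=$3; rc=0
    if [ -n "$auto_user" ]; then
        echo "FAIL: automatic login enabled for '$auto_user'"; rc=1
    fi
    if [ "$ask" != "1" ]; then
        echo "FAIL: screensaver does not require a password"; rc=1
    fi
    case $idle in
        ''|*[!0-9]*) echo "FAIL: screensaver idle time not set"; rc=1 ;;
        0) echo "FAIL: screensaver never starts"; rc=1 ;;
        *) if [ "$idle" -gt "$MAX_IDLE" ]; then
               echo "FAIL: idle time ${idle}s exceeds ${MAX_IDLE}s"; rc=1
           fi ;;
    esac
    if [ "$rc" -eq 0 ]; then echo "PASS: login and screensaver settings"; fi
    return "$rc"
}

# read_pref ARGS...: run `defaults` and print nothing when the key is unset.
read_pref() {
    defaults "$@" 2>/dev/null || true
}

if command -v defaults >/dev/null 2>&1; then
    # On a Mac: read the live settings for the machine and current user.
    evaluate \
        "$(read_pref read /Library/Preferences/com.apple.loginwindow autoLoginUser)" \
        "$(read_pref read com.apple.screensaver askForPassword)" \
        "$(read_pref -currentHost read com.apple.screensaver idleTime)"
else
    # Elsewhere: constructed sample values showing a non-compliant system.
    evaluate "alice" "0" "1800" || true
fi
```

The screensaver keys are per-user, so run the audit as each account that can log in at the console.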
Hardening Filesystems
Several filesystems are involved in the operating systems we’ve discussed, and they have a high level of interoperability between them—from a network perspective, that is. Through the years, the different vendors have implemented their own sets of file standards. Some of the more common filesystems are listed here:
Microsoft FAT: Microsoft’s earliest filesystem was referred to as File Allocation Table (FAT). FAT is designed for relatively small disk drives. It was upgraded first to FAT-16 and finally to FAT-32. FAT-32 allows large disk systems to be used on Windows systems. FAT allows only two types of protection: share-level and user-level access privileges. If a user has write or change access to a drive or directory, they have access to any file in that directory. This is very insecure in an Internet environment.
It is rare to find FAT used in the corporate world these days, but you should still know about it for the exam.
Microsoft NTFS: The New Technology File System (NTFS) was introduced with Windows NT to address security problems. Before Windows NT was released, it had become apparent to Microsoft that a new filing system was needed to handle growing disk sizes, security concerns, and the need for more stability. NTFS was created to address those issues.
Although FAT was relatively stable if the systems that were controlling it kept running, it didn’t do so well when the power went out or the system crashed unexpectedly. One of the benefits of NTFS was a transaction-tracking system, which made it possible for Windows NT to back out of any disk operations that were in progress when Windows NT crashed or lost power.
With NTFS, files, directories, and volumes can each have their own security. NTFS’s security is flexible and built in. Not only does NTFS track security in access control lists (ACLs), which can hold permissions for local users and groups, but each entry in the ACL can specify what type of access is given—such as Read-Only, Change, or Full Control. This allows a great