Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!rutgers!mailrus!uwm.edu!psuvax1!psuvm!GACVAX1!JOEL
From: JOEL@GACVAX1.BITNET (Joel Jackson)
Newsgroups: bit.listserv.novell
Subject: re: Network Security
Message-ID: <NOVELL%90011612555539@SUVM.BITNET>
Date: 16 Jan 90 06:03:00 GMT
Sender: Novell LAN Interest Group <NOVELL@SUVM>
Reply-To: Novell LAN Interest Group <NOVELL@SUVM>
Lines: 21
Approved: NETNEWS@PSUVM Gateway
X-VMS-To: IN%"novell@suvm.bitnet"

Concerning the following:

   >  Well, even though we have a fairly secure menuing system (SABER)
   >  we know that people can escape to the network prompt in several
   >  applications.  What we did not know till recently, is that if they
   >  can escape to the network prompt and CD around into various
   >  applications they can copy the software off the server to their
   >  local drives.

Using FILER to set the attributes of executable (.COM & .EXE) files to
EXECUTE ONLY status is one way of preventing users from copying the
software off of the system - the software isn't much good without the
executables.  A note of caution - You cannot (even as supervisor) reverse
or change this attribute back.  The ONLY thing you can do with the file
(besides execute/run it) is to delete it.  So have a good backup of it
in case you want to change the setup of the program at a later time.

Joel Jackson
Novell Network Manager
Gustavus Adolphus College
St. Peter, MN  56082