Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!rutgers!mailrus!uwm.edu!psuvax1!psuvm!UOTTAWA!MONAT
From: MONAT@UOTTAWA.BITNET (Paul Monat)
Newsgroups: bit.listserv.novell
Subject: Re: SERVER SECURITY ????
Message-ID: <NOVELL%90011218454633@SUVM.BITNET>
Date: 12 Jan 90 23:21:46 GMT
Sender: Novell LAN Interest Group <NOVELL@SUVM>
Reply-To: Novell LAN Interest Group <NOVELL@SUVM>
Lines: 45
Approved: NETNEWS@PSUVM Gateway
In-Reply-To:  Message of Fri, 12 Jan 90 17:59:00 EST from <LANSYS@UBVMS>

>Hello,  we were told when we first began installing novell networks
>        to set up the rights for SYS: as ROS and add additional rights
>        where necessary for certain applications who require Create
>        ,delete, etc rights.
>
>        Well, even though we have a fairly secure menuing system (SABER)
>        we know that people can escape to the network prompt in several
>        applications.  What we did not know till recently, is that if they
>        can escape to the network prompt and CD around into various
>        applications they can copy the software off the server to their
>        local drives.
>
>        Are we missing something very obvious here, this seems like a low
>        level of security.  We do not like to hide all the files, since it
>        is a real hassel to do administration.
>
>        Any solutions, addons, experiences will be appreciated.
>
>LAN Systems             S.U.N.Y at Buffalo
>LANSYS@UBVMS

Consider reading the unreadable Novell manuals on the following subjects:

- Flagdir with the attribute Private hides sub-directories to users who
  do not have Search rights.

- Use Trustee Rights with "tightness"

- Declare some .COM and .EXE files Execute Only: go into Filer, select
  a directory with such executable files, hit file information,
  select the main executable file (WP.EXE for instance) and hit return,
  select Attributes and then hit Insert; a special Exec-Only attribute
  appears: it's only available to executable files and will not only
  copying. What a good function to hide so tightly in the documentation!

- Note that Ndir will show you all files (even the hidden ones) and their
  attributes but it does NOT show hidden directories (just remember
  where they are!). 'Flagdir *' shows you all directories even the hidden
  ones but you can't generalize the command to subdirectories such as
  with Ndir; for example: 'Ndir *.exe sub' lists alphabetically all
  .exe files in the directories and it's subdirectories.

     ^v^     Paul M. Monat                Tel: 613-564-6895/6500
     ^v^     Faculty of Administration    Fax: 613-564-6518
     ^v^     Canada    K1N 6N5            Bit: Monat @ Uottawa