access rights (CIAC D-01)
access to SYS:SYSTEM not restricted
accounting not enabled
ACONSOLE not protected by a password (install remote.nlm)
applications and data are not separate (keep data and apps separate)
auditing not enabled
autoexec.ncf has passwords
Cache NetWare Password not disabled (the Windows 95 NetWare client caches it where it can be read)
concurrent connections not limited
console not locked (always keep the console locked)
console not logged (enable conlog.nlm)
console not protected by a password (load RCONSOLE with password protection)
default passwords
dormant accounts
DOS is on file server
excessive object rights
excessive property rights
file server not secure (MONITOR LOCK SECURE CONSOLE)
ftp server has a memory leak (patch)
grace logins not limited (set grace logins through SYSCON; limit grace logins to 3)
GUEST account (disable but do not delete)
HP-UX 9.04, 10.01, 10.10, 10.20 and NetWare 3.12 (CIAC H-92)
HTTP server insecure out of the box (disable the CGIs, e.g. convert.bas:
http://victim.com/scripts/convert.bas?../../file)
Intruder Detection/Lockout enabled but has the default settings
(login attempts = 7, Bad Login Count Retention time = 30 minutes,
Length of Account Lockout = 15 minutes)
Intruder Detection/Lockout not enabled
invisible User IDs
IPX diagnostic services running (disable with IPXODI /d)
IPX tunneled through other protocols (e.g., IP)
login scripts missing (run SECURITY program)
login.exe on NetWare 4.0 and 4.01 (CERT 93-12, NASIRC 93-01)
(add seclog.exe file; get login.exe, v4.02)
login.exe (server/sys:login/login.exe) not authentic
NCP Packet Signature not turned on
nocrypt.exe running
password aging not implemented
passwords not set at a minimum length (default is 5; should be 8)
passwords not unique (require unique passwords)
old passwords being re-used
passwords scripted in startup files
powerchute ups account has default password (APC)
print servers without passwords
program files not flagged with at least:
Copy Inhibit, Delete Inhibit, and Rename Inhibit (and Execute Only)
PUBLIC object has extra rights
rconsole password same as supervisor password (should be different)
rconsole session accessed by supervisor password (should never be done)
shell to DOS (run SECURE CONSOLE)
SUPERVISOR account has no password (comes that way by default)
SUPERVISOR account can be locked out if Intruder Detection/Lockout is enabled for SUPERVISOR
SUPERVISOR account not protected
SYS$LOG.ERR not monitored (this is where unauthorized activity is recorded)
SYS:LOGIN - all users should only have Read and File Scan rights
SYS:MAIL - all users should only have the Create right
SYS:PUBLIC directory - all users should only have Read and File Scan rights
SYS:SYSTEM - only the SUPERVISOR should have any rights at all
system not backed up on a regular basis
time restrictions not in use
unpassworded accounts
UPS not installed
user accounts have full rights to everything on the server
users can gain privileges to accounts of others (apply securefx.nlm)
virus scanning not being done (install virus scanner)