Adding Security to Your NetWare Environment
By Eric Allred


Eric Allred administers a Novell NetWare network for a Fortune 1000 company in the Seattle, Washington metropolitan area. He owns a consulting firm specializing in systems security and networking, and he writes a monthly column on PC systems security for "Technical Support" magazine, published by NaSPA. This white paper originally appeared in DPI's "Solutions" series on the basics of secure remote access.


After your Novell file server has been properly set up to take advantage of its native security, you should focus on adding security over and above what is offered with NetWare. Why? Because NetWare Connect was specifically designed to be an access product, not a security product.

There are a variety of security solutions you can employ to add to native NetWare security. Additional security products ensure that your system will be protected as you add remote users. In my opinion, it is critical that remote or "on-net" users be properly authenticated. There are a variety of methods for user authentication, including:

  • Dial Back
  • Caller ID and ANI
  • Encrypted Modems, Devices and Software
  • Challenge-Response Systems

    It is not uncommon for several of these methods to be combined to create a more secure environment.

    Dial Back Security

    After remote users have been identified, your modem can dial back for an additional level of verification. However, users must be at a predetermined phone number to receive the dial-back call, which is not very practical in today's world of traveling PCs. If an intruder tries to initiate the process and is not at the proper phone number, he or she will not receive the call back. Consider the following when contemplating this solution.

    The greatest advantage to using dial back as a solution is its low cost. Quite a few remote communications packages support dial back as a security feature, and some modems support dial back at the hardware level. With so many software and hardware platforms supporting dial back, it is a fairly easy solution to implement. The system will become more difficult to support as the number of remote users increases. On the down side, this solution can create phone billing issues, such as who pays for the calls. On the positive side, it can also eliminate billing issues. It depends on how you set it up.

    A cautionary note: remote users should use phone services that do not include call forwarding, or they should shut off the call forwarding feature. Remote users with call forwarding could allow intruders to validate themselves by forwarding phone calls to any location they want. There are many easy methods to gain access to phone numbers and to change an individual phone number at a remote user location.

    Also, make sure that when the call-back process occurs, an actual hang up on the host side occurs. Some phone systems only hang up the call if the calling party hangs up first. Hackers have found that they can hold the line open and spoof the host into thinking a call back verification has occurred. You should thoroughly test for this possibility and eliminate it on any system where call back will be used as a security measure.


    Call-Back Security

    Pros:

  • Quick implementation
  • Inexpensive solution
  • Can resolve phone billing issues

    Cons:

  • Can be spoofed by call forwarding
  • Can be spoofed if the phone system can't initiate a hang up at the right time
  • Difficult to administer with large call back lists
  • Not effective for users who travel to unknown call-back locations
  • Can hamper phone billing issues


    Caller ID and ANI

    Caller ID services are becoming readily available across the nation. These services are commonly known as Caller Number Delivery (CND) or Calling Line Identification. Another service, Automatic Number Identification (ANI), has been available for years to businesses as a component of certain types of phone lines. These services can be used to identify the phone number used by incoming callers. This could allow a remote user to be validated before the host's modem answers the phone.

    How does it work? The CND information is passed to the receiving end of the call between the first and second ring. The CND information is passed directly from the phone company switch that supports the caller to the switch supporting the recipient of the call. The recipient's switch then passes the CND information to the user's premises. There is no actual connection between the caller side and the receiving side before the phone is picked up. This makes spoofing nearly impossible.

    The largest drawback to using CND: in most areas, CND information is not passed between multiple phone carriers. So a call originating in phone company A's area does not pass the CND information to the recipient in phone company B's area. The FCC has stated that by April 1995, all the phone companies must be able to pass the CND information to any recipient phone company. This solution is dependent upon when the differing phone companies comply with this request.

    Some of the devices for CND verification sit between the phone system and the host's modem. These devices can be set to not pass the call on to the modem if the CND information does not match the remote user's table. There are several leading brand modems that are designed to support different CND features. A solution using CND for security could reside at the modem, a black box on either side of the modem, or in software. As this service becomes more transparent and readily available, it will be a good solution to add to the security tool box.


    Caller ID and ANI

    Pros:

  • Difficult to spoof
  • Inexpensive
  • Easy to implement

    Cons:

  • Not feasible where multiple phone company areas are concerned
  • Difficult to administer with large remote user lists
  • Not effective for users who travel to unknown calling locations


    Data Encrypting Modems, Devices, and Software

    Data encryption offers a level of user authentication in its use of keys to encrypt and decrypt data. There are several widely used encryption algorithms. The two most widely used are the Data Encryption Standard (DES) and RSA. DES is a public domain encryption algorithm, whereas the RSA algorithm is proprietary (privately owned). Both methods of security are based on a public key system.

    What is data encryption? A key is used to encrypt or decrypt a packet of information. The key used to encrypt/decrypt a packet of data works just like a physical key and lock. Without the proper key, a lock can not be opened or closed. Both the sender and recipient of the data must use the proper keys to view any information that is being exchanged.

    The negotiation of these keys can occur at a variety of times in the communications session. This key exchange process is handled in different ways in different encryption solutions. Keys should never be sent in the clear across phone lines. This means that the key used to encrypt/decrypt data should be known by both parties prior to the communications session. In some solutions, the user must actually enter the key. In other solutions, a hardware or software device handles the key negotiation.

    Encryption/decryption can be done through the use of special modems, devices that sit between the modem and computer, or by using software. As noted above, these devices or systems will usually handle key exchange and key changes. The process of encryption/decryption can add overhead to the communications process. In an environment where an extremely long key is used, the overhead can be significant.

    One of the side benefits of data encryption is that it maintains data confidentiality. In a case where the encrypted data stream is being monitored by intruders, they will not be able to decipher the contents of the data without the proper key. Even if an intruder is able to capture the encrypted data stream, decrypting it with today's systems is nearly impossible without the proper key. Important note: for encryption to be valuable, good key management should accompany the system.


    Data Encrypting Modems, Devices, and Software

    Pros:

  • Adds data confidentiality
  • User can be authenticated via their own key

    Cons:

  • Key management can be an administrative nightmare
  • Keys can be stolen or lost
  • Can be an expensive solution


    Challenge/Response Systems

    Challenge/response systems commonly authenticate remote users through the use of an encryption algorithm and a key (hand-held or software "token") or authentication tool. The host's system "challenges" the remote user with a random number. The user then enters the number into a hand-held (or software) device that encrypts it and displays a "result." The result is entered as a "response" that is sent back to the host. If the result from the remote user matches that of the encrypted result the host generates, the remote user is granted access.

    Challenge/response systems offer the best added security, since the key values are either continually changed by the host on a time-based system, or are issued only once. Either way, your system is more secure. Some systems change keys at random times as often as every 30 seconds. Other systems generate unique, one-time-only passwords every time a user logs on. Both types of systems offer a higher level of security than what is inherent with native NetWare security. Intruders cannot guess the "result" codes because the codes have gone through an encryption algorithm using a key value unknown - and unknowable - to intruders.
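
    The challenge/response exchange described above, sketched as an added example that is not part of the original white paper or of any vendor's product. It substitutes HMAC-SHA-256 for the token's encryption algorithm; the names Host, token_response, CHALLENGE_TTL and the user "remote1" are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)


def token_response(key, challenge):
    """Token side: keyed transform of the challenge, shortened for typing."""
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).hexdigest()
    return mac[:8]


class Host:
    """Host side: issues random challenges and checks the responses."""

    def __init__(self, user_keys):
        self._keys = user_keys   # user name -> shared key (bytes)
        self._pending = {}       # user name -> (challenge, issue time)

    def issue_challenge(self, user, now=None):
        challenge = secrets.token_hex(8)  # unpredictable random number
        self._pending[user] = (challenge, time.time() if now is None else now)
        return challenge

    def verify(self, user, response, now=None):
        now = time.time() if now is None else now
        # pop() makes each challenge single-use: a recorded response
        # cannot be replayed against the host later.
        challenge, issued = self._pending.pop(user, (None, 0.0))
        key = self._keys.get(user)
        if challenge is None or key is None or now - issued > CHALLENGE_TTL:
            return False
        expected = token_response(key, challenge)
        return hmac.compare_digest(expected.encode(), response.encode())  # constant-time


def demo():
    key = bytes(range(32))  # constructed sample key, not a real secret
    host = Host({"remote1": key})
    good = token_response(key, host.issue_challenge("remote1", now=1000.0))
    out = {"valid": host.verify("remote1", good, now=1010.0),
           "replay": host.verify("remote1", good, now=1011.0)}
    c2 = host.issue_challenge("remote1", now=2000.0)
    out["wrong_key"] = host.verify("remote1", token_response(b"guess", c2), now=2001.0)
    c3 = host.issue_challenge("remote1", now=3000.0)
    out["expired"] = host.verify("remote1", token_response(key, c3), now=3061.0)
    return out
```

    Only the response computed with the enrolled key, returned once and within the validity window, is accepted; the replayed, wrong-key and late responses are all rejected.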

    Challenge/response systems typically consist of a hardware solution on the host end and a hand-held calculator type device on the remote end. Most of these solutions are operating system and host independent, so they can work with a wide variety of end user solutions. Challenge/response systems are usually easier to manage than most security systems. However, one of the most important components is key management. When you consider what type of challenge/response system will be best for your network, keep in mind key management. Look for solutions where end users and administrators do not have to spend a lot of time administering the system. Do not pass information over unsecured telnets, and, if possible, keep key management in-house. It's more secure.


    Challenge/Response Systems

    Pros:

  • It's impossible to guess passwords or spoof your way into the system
  • Only remote users with the authorized key (or token) can process the "challenge" and generate the appropriate "response"

    Cons:

  • Remote users must have a device to generate or process the challenge. They can be lost or stolen (although they are of no use to unauthorized users)
  • Depending on the number of users and which solution you choose, challenge/response can be an expensive solution



    All of the security strategies discussed in this chapter should be modified to fit a variety of remote access levels. Some systems utilize remote node access. Others use remote control or a combination of remote node and remote control. Your strategy must match your methods of remote communications to ensure security. As new solutions become available - such as authentication servers - keep in mind the range of possibilities, but don't forget the following factors. Look for:

  • Easy system and key manageability;
  • Long-term cost effectiveness (consider per-user cost, not just per-port cost);
  • Level of security required;
  • Scalability and flexibility (support for all the platforms in your environment), and
  • Ease of use for both end users and administrators.