Known Security Threats; Security Characteristics - Novell CLIENT FOR LINUX 2.0 - ADMINISTRATION Manual

Feature
Passwords, keys, and any other
authentication materials are stored
encrypted
Security is on by default
FIPS 140-2 compliant

5.2 Known Security Threats

The following section provides a list of known security threats for the Novell Client for Linux, an
indication of how difficult it would be to exploit the threat, and what the consequences would be for
a customer.
Table 5-2
Description
Repetitive password cracking
attempts
"Stale" passwords
Attempted access out-of-hours or
from unauthorized locations
Port scanners
Man-in-the-middle attacks
Wire frame examination and
manipulation
Memory scanning for sensitive
data

5.3 Security Characteristics

40 Novell Client 2.0 for Linux Administration Guide
Known Security Threats
Section 5.3.1, "Identification and Authentication," on page 41
Section 5.3.2, "Authorization and Access Control," on page 41
Section 5.3.3, "Roles," on page 41
Section 5.3.4, "Security Auditing," on page 41
Yes/No Details
Yes Passwords and other authentication materials
in temporary storage are encrypted to prevent
in-memory scanners.
Yes There are no configuration options to enable
or disable with the exception of packet
signing. Packet signing is enabled by default.
No This product currently uses the ATB
(authentication toolbox) instead of Novell's
NICI product. Therefore, this product is not
FIPS 140-2 compliant because ATB itself is
not FIPS-compliant.
Consequence
Intruder detection lockout
Password expiration, grace login
enforcement
Date/Time and Location restrictions at login Medium
Unsuccessful pass of Nessus scans;
possible port hijacking
NCP request sequencing, packet signing
Same protections as with other Novell
products utilizing NCP and RSA-based
authentication
All buffers containing sensitive data
(passwords) are short-term in nature and
are zeroed and/or freed immediately after
use.
Likelihood Difficulty
Low Hard
High Hard
Easy
Medium Possible
Low Hard
Low Hard
Low Hard