Security Evaluation of a PC Network based on Intrusion Experiments

Journal article, 1996

This paper presents an intrusion experiment in which the target system was a Personal Computer network connected to a Novell NetWare 3.12 server. Undergraduate students with little security expertise and hardly any knowledge of the system served as attackers and were given the task of performing as many intrusions as possible. The objectives of the experiment were twofold: first, to learn more about how to gather and process data from intrusion experiments and to form a methodology applicable to a generic class of computer systems; and, second, to find out whether it is actually possible to create a secure system based on insecure PC workstations. This paper deals mainly with the latter objective, and investigates how and to what extent unevenly distributed security features, such as a “secure” file server with untrusted clients, affect overall system security. Furthermore, in experiments, as opposed to real life situations, it is possible to collect information about how the attacking process is carried out. Before the experiment, we anticipated that the attackers would create Trojan Horses on the clients to spoof other users during the login process, but we did not expect them to find as many serious vulnerabilities in the concept as they did. The experiment shows that untrusted PC clients have ample intrusion possibilities, and that the vulnerabilities can not be compensated by security features elsewhere in the system. Novell has undoubtedly spent more effort in securing the file server and its assets than in securing the clients in the system. This paper contains a summary of the security problems the attackers found, from which it is evident that several new security mechanisms must be added before a NetWare 3.12 system can be regarded as secure.