S 2.102 Relinquishing activation of the remote console

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

With the help of the program SYS:\SYSTEM\RCONSOLE.EXE, the Novell Netware network operating system allows remote control of the Novell Netware server console from a workstation. The Novell Netware server is set up in the AUTOEXEC.NCF file by loading RSPX.NLM and REMOTE.NLM with the corresponding password. It should be ensured that the password is not contained in the AUTOEXEC.NCF file in plain text. This can be done by entering the command REMOTE ENCRYPT on the server console after running the REMOTE.NLM program. The password that has been called up is then encrypted and, if required, can be stored in the LDREMOTE.NCF file using the necessary command. The command in the LDREMOTE.NCF file is as follows:

LOAD REMOTE -E 0613BB68060099

Network analysis tools, so-called Sniffers, can pick up and save data exchanged between the workstation and the Novell Netware server. This includes the encrypted password which must also be entered in order to remotely control the Novell Netware server. Special software can be used to decrypt the encrypted password. Therefore, unauthorised personnel could be in a position to gain access to the Novell Netware server console via remote control.

In order to prevent remote sessions from being recorded with network analysis tools then simply replayed into the network, it should be ensured that signatures for the RSPX packets are activated. This can be checked using the command RSPX on the console of the server. The response should be as follows:

RSPX Packet Signatures:

All packets must contain signatures.

If no signatures are active, use the command RSPX SIGNATURES ON. As these functions are not supported by Netware versions prior to Netware 3.12, it is essential that the current version is used.

For security reasons, the option to remotely control Novell Netware servers should be avoided if prevailing conditions and operating procedures allow.

In general, however, the SYS:\SYSTEM\RCONSOLE.EXE program should not be used if C2 security is to be achieved (see also S 4.102 C2 Security under Novell 4.11)