CLI Reference Guide
1-8
Optimizing the NetWare Client Software
Improving Security
Improving Security
You can increase the security of your network by using the NCP packet
signature feature available in NetWare 4 and 3.12.
The following sections provide you with information and procedures for
setting a parameter used in the client workstation configuration (NET.CFG)
file and the SET command used at each NetWare server.
Using NCP Packet Signature to Improve Security
NCP packet signature is an enhanced security feature that protects servers
and client workstations using the NetWare Core Protocol™ architecture by
preventing packet forgery.
The NCP packet signature is optional because the packet signature process
consumes CPU resources and slows performance, both for the client
workstation and the NetWare server.
Without the NCP packet signature installed, a knowledgeable network
operator can manipulate the client workstation software to send a forged
NCP request to a NetWare server. By forging the proper NCP request packet,
an intruder can gain rights to access all network resources.
How NCP Packet Signature Works
NCP packet signature prevents forgery by requiring the server and the client
workstation to “sign” each NCP packet, using the RSA public and private
key encryption. The packet signature changes with every packet.
NCP packets with incorrect signatures are discarded without breaking the
client workstation’s connection with the server. However, an alert message
about the source of the invalid packet is sent to the error log, the affected
client workstation, and the NetWare server console.
If NCP packet signature is installed on the server and all of the network
client workstations, it is virtually impossible to forge an NCP packet that
would appear valid.