DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  Netware

SYSTEMS AFFECTED

  Win 95
  

PROBLEM


    The following text is Paul Brainard copyright.

    With Remote Administration and  File Sharing for Netware  Networks
    enabled  on  a  Windows  95  machine,  once a remote administrator
    accesses the system, a shared resource pointing to the hard  drive
    is created  to which  all users  on the  same network have access.
    This share  remains available  even after  the administrator  logs
    off the system.

    The shared drive is not visible by browsing through the  Explorer,
    but may be found by mapping a network drive to  \\computername\C$.
    This gives read-only access to the entire local hard drive of  the
    sharing computer.



EXPLOIT

  

SOLUTION


    Defending  against  this  problem  is  a  common  sense issue that
    requires  a  bit  of  dicipline  and  dilligence. DON'T ALLOW YOUR
    NETWORK  ADMINSTRATORS  TO  LOG   ON  TO  WORKSTATIONS  WITH   THE
    "ADMINISTRATOR"  ACCOUNT  UNDER  ANY  CIRCUMSTANCES.  KILL  HIM IF
    NECESSARY.  This  simple  policy  will  also  help prevent against
    password cache attacks.  Remember,  when you log on to  a standard
    Windows workstation, you user passwords are cached -- unless  this
    feature has been disable.