T 2.23 Security flaws involved in integrating DOS PC's into a server-based network

When integrating DOS PC's into a server-based network, security flaws may arise in a network which would normally be secure.

If, for example, DOS-PCs are connected to a Unix-network, then the use of Unix services such as telnet, ftp, NFS, RPC's, and X-Windows is possible. The security problems arising are basically no different to those on a pure Unix network.

However, when integrating DOS-PCs into a server-based network, additional uncontrolled network access may be created. Every network access point can be misused to tap into the network. By using appropriate software, Sniffer, this is also possible with a PC connected to the network. In this case it is very easy to listen to, and to misuse, all kinds of information, such as passwords and file contents that are transmitted over the network.

A PC user can also generally administer the PC himself. If he/she configures it to feign a false identity, he/she can use approved services such as NFS or RPC's to gain access to directories and files of other users from the server. This information can then be read, copied, forged or deleted without the knowledge of others.

DOS PCs integrated into a Windows NT network create a potential threat to the security of this system. Therefore, when copying files from the server to the hard disk of a PC, information relevant to the security of the system will be stored in a physically unsatisfactory manner, or when copying files to a local floppy disk drive, such information may be sent on to external destinations without being recorded by the auditing functions of the server. On the other hand there is the danger of importing a computer virus from a floppy disk drive which is not adequately protected.