
176 Managing Network Vulnerability Assessment
Exhibit 4. Analysis (Continued)
The lack of security-oriented default user profiles on Novell servers means
that critical data can be accessed from a noncritical system.
Recommendation. A firewall or segment configuration policy is needed
that defines the users who are allowed to access particular segments of
the network (ISO 17799, 9.2). Access to subnets can be controlled with
a screened subnet architecture, proxy services, or interior routers.

User Accounts without Passwords
Risk = high. We discovered several accounts with no assigned passwords.
The lack of a password assigned to an account means that no authen- ...