[PEN-TEST] NetWare 4.x/5.x Security Checklist

["Adams, Mark" <markadams () KPMG COM>]

I need to perfrom a security review on an NDS tree running NetWare 4.x and
5.x, and I was wondering if anyone had any good checklists for this.  I put
together a rudimentary one which covers NETBASIC.NLM, Browse rights for
[Public] at the tree root, etc., but I don't want to leave anyhting out.
The client does not have any third-party auditing tools like NOSadmin from
BindView, so any tips on using native NW commands like nlist would also be
helpful.

Mark Adams, CISSP
KPMG LLP - Information Risk Management
markadams () kpmg com


*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.

If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************