Can an Sys Admin prevent/stop Netware password hash extraction?
The best way for a Sys Admin to prevent Netware password hash extraction is to at least try the following: • Protect the server console. If the console is compromised, all bets are off. Don’t use RCONSOLE at all. Go to the console to do any administrator-type work. • Protect administrative accounts. If one of these accounts are compromised, once again all bets are off. Use these accounts minimally from secured workstations. • Clean up after yourself. If you run a BINDFIX, DSMAINT, or DSREPAIR, remember that you are leaving files out there that passwords can be recovered from. Do your business, confirm you don’t have to fall back using one of these leftover files and then delete and purge them. You see, once the server has been compromised, sometimes not even completely, there will be NOTHING to stop unwanted password recovery.