Novell Client 2.0 SP1 for Linux Administration Guide, novdocx (en), 11 July 2008

| Feature | Yes/No | Details |
|---|---|---|
| Passwords, keys, and any other authentication materials are stored encrypted | Yes | Passwords and other authentication materials in temporary storage are encrypted to prevent in-memory scanners. |
| Security is on by default | Yes | There are no configuration options to enable or disable with the exception of packet signing. Packet signing is enabled by default. |
| FIPS 140-2 compliant | No | This product currently uses the ATB (authentication toolbox) instead of the Novell NICI product. Therefore, this product is not FIPS 140-2 compliant because ATB itself is not FIPS-compliant. |

5.2 Known Security Threats

The following section provides a list of known security threats for the Novell Client for Linux, an indication of how difficult it would be to exploit the threat, and what the consequences would be for a customer.

Table 5-2 Known Security Threats

| Description | Consequence | Likelihood | Difficulty |
|---|---|---|---|
| Repetitive password cracking attempts | Intruder detection lockout | Low | Hard |
| “Stale” passwords | Password expiration, grace login enforcement | High | Hard |
| Attempted access out-of-hours or from unauthorized locations | Date/Time and Location restrictions at login | Medium | Easy |
| Port scanners | Unsuccessful pass of Nessus* scans; possible port hijacking | Medium | Possible |
| Man-in-the-middle attacks | NCP request sequencing, packet signing | Low | Hard |
| Wire frame examination and manipulation | Same protections as with other Novell products utilizing NCP and RSA-based authentication | Low | Hard |
| Memory scanning for sensitive data | All buffers containing sensitive data (passwords) are short-term in nature and are zeroed and/or freed immediately after use. | Low | Hard |

5.3 Security Characteristics

- Section 5.3.1, “Identification and Authentication”
- Section 5.3.2, “Authorization and Access Control”
- Section 5.3.3, “Roles”
- Section 5.3.4, “Security Auditing”
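The "Memory scanning for sensitive data" row of Table 5-2 relies on password buffers being zeroed before they are released. The C sketch below is an added example, not Novell Client code: it shows the zero-then-free order and a wipe the optimizer cannot remove. The type `secret_t`, every function name and the sample password are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical holder for a short-lived secret; not a Novell Client type. */
typedef struct { unsigned char *buf; size_t cap; size_t len; } secret_t;

/* Wipe through a volatile pointer: a plain memset() right before free()
 * is a dead store that the optimizer is allowed to delete. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Copy the password into its own heap buffer; returns 0 on success. */
int secret_load(secret_t *s, const char *pw) {
    size_t n = strlen(pw);
    s->buf = malloc(n + 1);
    if (!s->buf) { s->cap = s->len = 0; return -1; }
    memcpy(s->buf, pw, n + 1);
    s->cap = n + 1;
    s->len = n;
    return 0;
}

/* Zero the whole allocation, not just strlen(), so no tail bytes survive. */
void secret_clear(secret_t *s) {
    if (s->buf) secure_wipe(s->buf, s->cap);
    s->len = 0;
}

/* Zero first, then free: free() alone leaves the bytes in the heap. */
void secret_free(secret_t *s) {
    secret_clear(s);
    free(s->buf);
    s->buf = NULL;
    s->cap = 0;
}

/* Returns 1 when every byte in p[0..n) is zero. */
int all_zero(const void *p, size_t n) {
    const unsigned char *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}

int main(void) {
    secret_t s;
    if (secret_load(&s, "constructed-sample-pw") != 0) return 1;
    secret_clear(&s);                       /* wipe as soon as the secret is used */
    printf("wiped=%d\n", all_zero(s.buf, s.cap));
    secret_free(&s);
    return 0;
}
```

Where the platform provides one, a library wipe such as `explicit_bzero` (glibc, BSD) or `memset_s` (C11 Annex K) can replace the volatile loop.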