Netscape 2.02 and security

Dale E. Goodell GOODELD at fsa.wosc.osshe.edu
Tue Jun 18 15:10:41 EDT 1996 

This message is being cross-posted to multiple lists; my apologies 
for any duplication.

Each Netscape upgrade brings new problems when offering it at public 
workstations.  We are upgrading our public workstations to Netscape 
2.02 and have a network security question.
  
Windows for Worksgroups 3.11 and Netscape are installed on a NetWare 
3.11 fileserver. The Fortress program is used to secure Windows and 
IKIOSK (currently in beta) is used to disable a number of Netscape 
pull-down menu choices.  IKIOSK beta does not have the capability to 
disable choices within dialog boxes.  We also use a program to 
protect access to workstation hard drives. 

With the environment above, we still have a security concern.  This 
concern involves three File menu choices: "Mail Document", "New Mail 
Message", and "Save As."  These choices allow users access to a 
"Network" button.  In mail, for example, a user can attach a file 
and, using the Network button, see the directory structure for not 
only the workstation hard drive, but also network drives.  We have a 
utility to write-protect the local hard drive, and we can secure the 
network drives through the user login.  What concerns us the most, 
however, is that the "Network" button allows a user to see all 
fileservers on the network and map to any drive on any fileserver for 
which they have a login; the system will ask for a login name and 
password when connecting to another server.  We want to prevent 
someone from using this method to login to other network servers. 

The Network dialog box in Netscape appears to be the same as the 
NWUSER.EXE program, which is usually located in the \WINDOWS\SYSTEM 
directory. We have tried deleting this file, not only from the 
fileserver, but from the local hard drive as well, but to no avail.  
It seems as though this "Network" dialog box is somehow "hard-coded" 
in either Windows or Netscape.

The question is: can the Netscape Network button be disabled somehow, 
or if not, what is the best way to cope with this choice from a 
security point of view in a public mode.  We are trying to allow 
users to mail Web pages, but not use the built in mail client to read 
mail. 


==================================================================
Dale E. Goodell
User Support Specialist
Western Oregon State College Library
Monmouth, OR 97361

Internet:   goodeld at fsa.wosc.osshe.edu
Voice:      503/838-8891
Fax:        503/838-8399

More information about the Web4lib mailing list