84-10-20 NetWare 4.X Security
Jeffrey L. Ott

Payoff
Novell's NetWare 4.X offers improved security features over previous NetWare releases. To capitalize on the strengths of 4.X, system and information security administrators must relearn how to manage the NetWare environment and the security of the information assets across the . This article discusses the differences between NetWare 3.X and NetWare 4.X security and identifies the tools that security administrators will have at their disposal for securing the NetWare 4.X environment.

Introduction
The mid-1980s hosted a surge in the use of computer hardware and software in businesses worldwide. In many organizations, PCs were purchased for isolated departments without the guidance of corporate information systems departments. Soon, these isolated departments began to connect their PC workstations and common area printers together by using low-cost Network . Leading the network operating systems war was Novell's NetWare, which proved over time to be both efficient and cost effective. As departmental local area networks (LANs) grew, so did the need to incorporate these departmental LANs into other LANs within the organization. Although NetWare 3.X had become synonymous with LAN network operating systems, it fell short of meeting the business requirements of the newly emerging client/server environment. From a system management perspective, NetWare 3.X lacked the ability to manage multiple servers from a single location. In response to this need, Novell released NetWare 4.X. This article discusses the differences between NetWare 3.X and NetWare 4.X security, and identifies the enhanced tools that security administrators will have at their disposal for securing the NetWare 4.X environment. The article also presents particularly sensitive areas of security concern for NetWare 4.X security administrators.

Understanding NetWare Security Basics
The three fundamental components of information security are availability, confidentiality, and integrity.
• Availability. The information system (i.e., the LAN, mainframe, mini, or attached network) must be available whenever it is needed.
• Confidentiality. The information system and the data on the system must be available only to those who are authorized to use it. This requires the authentication of users who attempt to access the system and other measures, as needed, to limit users' access to only the information that they require for job-related duties.
• Integrity. The information system and the data on that system must remain free from unauthorized, intentional (i.e., malicious and preplanned) and unintentional (i.e., accidental) modifications. These threats may come from within the organization or from outside the organization.
Any information security program, application, and implementation must address these three fundamental components.

Network Security Exposures and Risks
Many threats to information systems attack the hardware, software, and information on a system. Network hardware includes all of the physical pieces of the LAN, including the server, cables, wiring, telecom devices, routers, bridges, printers, and peripherals. Network software includes all of the applications, operating systems, and other programs executing on the network. Network information includes all of the information that resides on the LAN, such as application data, configuration parameters, and transmissions. Threats to a LAN include any intentional or unintentional destruction, modification, or disclosure of information. These threats range from the actions of hackers to industrial espionage and natural disasters. The most common disruptions of service occur as a result of mistakes made by employees. Security administrators should begin an analysis of the threats to the software and the information on the LAN by evaluating the physical security of the server. The server should be in a locked room, which will protect the equipment (e.g., the servers, tape backup devices, and media) from theft and from malicious use of the console.
The console is the command center of a NetWare LAN; it is from the console that NetWare Loadable Modules (NLMs) are loaded. Anyone with access to the console has the ability to place NLMs on the system, many of which are malicious in nature, such as BURGLAR.NLM and SUPERPWD.NLM. The server should be connected to an uninterruptable power supply (UPS). A UPS will provide a window of time in which the system administrator can power down the server during an extended power outage. The UPS also cleans and filters electricity before it reaches the server, thus eliminating power surges, spikes, and brownouts.

NetWare Directory Services
NetWare 4.X marks a radical change in NetWare security. The single most important change to NetWare is the introduction of NetWare Directory Services (NDS). NDS replaces the server-based Bindery of NetWare 3.X with a global, hierarchical, loosely consistent and replicated data base of all of the network resources and their associated properties. NDS enables NetWare 4.X to be an enterprisewide , because it allows NDS system administrators to create one flexible hierarchical directory for an entire network, and for an almost unlimited number of network resources. Implementation, administration, and management of NDS should be the first priority of the security administrator handling NetWare 4.X security. Exhibit 1 presents the security-related differences between NetWare 3.X and NetWare 4.X.

Exhibit 1. Comparison of NetWare 3.X and 4.X Security Features

Feature                                              NetWare 3.X   NetWare 4.X
---------------------------------------------------  -----------   -----------
Maximum number of user connections per server        250           1,000
Object-based naming service                          No            Yes
Single login to network                              No            Yes
RSA public/private key encryption                    No            Yes
Restrict login to specific address                   No            Yes
NDS event auditing                                   N/A           Yes
File system auditing                                 No            Yes
Independent network auditor                          No            Yes
Independent network auditor password                 No            Yes
Audit user security transactions                     No            Yes
Audit supervisor transactions                        No            Yes
Audit file-creation statistics                       No            Yes
Audit directory-creation statistics                  No            Yes
Audit volume statistics                              No            Yes
Filter transaction logs                              No            Yes
Transaction monitoring and auto log updates          No            Yes
Multiple auditors                                    No            Yes
Remote console session security                      No            Yes
Remote console callback                              No            Yes
Network supervisor                                   Yes           Yes
Workgroup manager                                    Yes           Yes
User account manager                                 Yes           Yes
File server console operator                         Yes           Yes
Determine who has console and supervisor privileges  No            Yes
Audit trail name service events                      No            Yes
Governmental C-2 level security certification        No            Yes

An NDS directory is typically illustrated as an upside-down tree, with the roots at the top and the branches and leaves at the bottom. This representation of the NDS architecture should help security administrators to conceptualize the layout of a NetWare 4.X network. Exhibit 2 presents a basic NDS directory tree structure. Security rights in the NDS structure flow down: if a user has access at a higher level in the NDS directory tree, the user will generally have access to branches and leaves beneath the permitted level.

Exhibit 2. NDS Directory Tree

NetWare Directory Services Objects
The NDS data base is comprised of objects. NDS objects are not physical objects; they are object representations and the object's associated properties. This allows the physical object (e.g., the user, server, or device) to be physically removed from the server where the NDS resides. This treatment differs from the Bindery treatment of network objects in previous releases of NetWare, in which the Bindery was aware of only those objects that were directly attached to its server. The NDS structure facilitates the management of an enterprisewide network. For example, the administrator does not need to know the address or location of a printer to permit a group of users access to that printer, nor must the administrator create new logon IDs for these users for the printer's server. Instead, the administrator provides access to the requested printer to the group, even if the printer is a continent away. Each NDS object has a set of properties, and each object property has associated property values. For example, the user object's associated properties include name, other name, description, location, and telephone number. The data entered for each of those properties are the property values. There are three basic types of objects in an NDS directory:
• Physical objects (e.g., users, servers, and printers).
• Logical objects (e.g., user groups, queues, and partitions).
• Other objects (managerial objects that help organize the other objects in the NDS directory tree, such as Organization and Organizational Unit objects).
There are also three different classifications of objects:
• Root object.
• Container object.
• Leaf object.

Root Object. When NetWare is installed, the root is placed at the top of the directory tree. The root cannot be renamed or removed, and is always designated with brackets (i.e., [Root]).

Container Objects. When NetWare 4.X is installed, one container object is created. Container objects form the next part of the directory tree after the root. A container holds other objects, which must be other container objects or leaf objects. The container object provides a means to organize a directory logically. Within container objects are two further classifications:
• Organization. This organization (O) classification marks the next level following the root. The organization could be divisions or departments within a company, departments in a university, or any other logical grouping. The organization object can contain leaf objects or organizational unit objects.
• Organizational Unit. The organizational unit (OU) is a subunit of the organization and is an optional division to help group similar leaf objects. Organizational units can be used to designate, for example, departments within a division or project teams in a department. An organizational unit can contain another OU or leaf objects.
Country and locality are two additional container objects. Although they are used less often, country objects can be used to group multinational companies and locality objects can be used for further classification of large groups.

Leaf Objects. Leaf objects form the end of the directory tree. Leaf objects represent network components and entities and contain no other objects. User IDs, group IDs, and servers are examples of leaf objects. There are 16 different leaf objects definable to NetWare. These are listed in Exhibit 3.

Exhibit 3. NDS Leaf Objects

User-Related Objects
User -- User objects represent actual users who are permitted to log onto the system and use network resources.
Group -- Group objects represent a list of users on the network. This permits granting rights based upon the needs of a group of users, such as access to network programs and data files.
Profile -- Profile objects represent a shared login script. Profile scripts are executed after the container login script and before the user's login script.
Organizational Role -- Organizational Role objects represent a position or function within an organization. This object can be used in instances where the actual person may change, but the responsibilities and duties performed by that person's role do not.

Server-Related Objects
NetWare Server -- NetWare Server objects represent any server running any version of NetWare. NetWare 4.X servers are automatically added; servers running earlier versions of NetWare must be manually added.
Directory Map -- Directory Map objects contain path information to facilitate the mapping of the file system. They do not contain an actual file directory structure. Directory Maps are used primarily for login scripts.
Volume -- Volume objects represent actual physical volumes that are attached to the network.

Printer-Related Objects
Printer -- Printer objects represent physical printing devices that are attached to the network.
Print Queue -- Print queue objects represent print queues that are attached to the network.
Print Server -- Print server objects represent print queues that are attached to the network.

Informational Objects
AFP Server -- AFP server objects represent NetWare nodes that support the AppleTalk Filing Protocol.
Computer -- Computer objects represent nonserver computers or routers that are attached to the network.

Messaging-Related Objects
Distribution List -- Distribution list objects contain a list of E-mail recipients.
External Entity -- External entities represent a nonnative NDS object that is imported into or registered in NDS. The NetWare MHS system uses these objects to represent users from Bindery-based directories to provide an integrated address book for sending mail.
Message Routing Group -- Message routing groups represent groups of messaging servers that can transfer messages directly between each other.
Message Server -- Message server objects represent messages that reside on a NetWare server.

Miscellaneous
Alias -- An alias object refers to an object in the network. This object can become a security risk if the alias object refers to an ADMIN ID.
Bindery -- Bindery objects are created by NetWare migration utilities to provide for backward compatibility with earlier NetWare versions.
Bindery Queue -- Bindery queue objects are created by migration utilities to provide backward compatibility with earlier NetWare versions. These objects represent non-NDS queues, such as Bindery-based printer queues.
Unknown -- An Unknown object represents any NDS object that cannot be identified as belonging to any existing object type.


Object Rights and Property Rights
Earlier versions of NetWare provided little control over the security granularity of objects. The supervisor and supervisory equivalent accounts could access everything on the server. Some granularity was provided through the use of the workgroup and account manager IDs; however, this was not adaptable for organizations attempting to decentralize control and security. NetWare 4.X provides flexibility for administering objects across the network by separating the administration of the NDS data base from that of the file system rights. This has been accomplished through the addition of object rights and property rights controls in the NDS data base. Object rights govern what a trustee can do to an object, not the actual data stored in that object. The following are the object rights associated with all of the objects in the NDS directory:
• Supervisor. This right designates full access privileges to the object and its properties.
• Browse. This right allows the trustee to view the object in the directory tree that contains the NDS data base.
• Create. This right allows the trustee to create an object in the directory tree below the current one.
• Delete. This right allows the trustee to delete an object from the directory tree.
• Rename. This right allows the trustee to change an object's name.
Each object has associated properties. For example, the NDS user object properties include full name, description, E-mail address, home directory, telephone number, and user ID (UID). The property rights flags control who has access to the values associated with the selected property. The following are a selection of property rights:
• Supervisor (S). This right grants full privileges to the property.
• Compare (C). This right allows a trustee to compare any value to a value of the property. It does not allow the trustee to see the property value, however, and returns only a value of true or false.
• Read (R). This right allows a trustee to read the values of the property. The read right automatically includes the compare right.
• Write (W). This right allows the trustee to add, change, or remove any value of the property. The write right automatically includes the add-self right.
• Add/Remove Self (A). This right allows a trustee to add or remove itself as a value of the property, without affecting any other value. This right is used only in those objects that contain object names as a value, such as group lists or mailing lists.
An administrator can grant all rights to all properties or assign specific rights to individual properties. "Selected rights" properties override any rights granted by "all rights." The proper assignment of property rights can greatly add to the segregation and delegation of duties and responsibilities within an organization. This capability was unavailable in versions of NetWare that preceded 4.X.

Access Control Lists
The Access Control List (ACL) property of NDS directory objects designates which objects have trustee rights, what rights the trustees have, and the Inherited Rights Filter (IRF) for each object. The ACL contains the list of other objects in the NDS directory that have access to an object and its properties. The ACL does not indicate to what the object itself has rights.

Inherited Rights and the Inherited Rights Filter
In the NDS directory tree, object and property rights flow downward from the upper levels of the directory tree and are inherited at the lower levels. This is similar to the flow of directory and file rights in previous versions of NetWare. Only the rights selected with the all-properties assignment are inherited; selected-property rights are not inherited and always take precedence. A system administrator can block inherited rights with the inherited rights filter (IRF). The IRF stops the flow of rights to the branch or leaf objects from the parent object. It does not grant rights. Specific rights granted at the object level are not affected by the IRF.
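The rights-flow rules in the preceding sections (object rights, all-properties versus selected-property rights, inheritance down the tree, and the IRF) are easier to reason about when worked through on a small tree. The following Python model is an added example, not Novell code; the tree, the trustee names (Admin, HelpDesk, SalesAdmin, DenverAdmin, JSmith) and every assignment in it are constructed. Two modelling choices go beyond what the article states and are assumptions: a trustee assignment at a lower object replaces what that trustee inherited from above (the article states this override behaviour for the file system, not explicitly for NDS), and the IRF is applied to every NDS right including Supervisor (the article describes a Supervisor bypass of the IRF only for the file system).

```python
"""Model of NDS object and property rights flow: a trustee assignment at an
object replaces what that trustee inherited, the Inherited Rights Filter (IRF)
blocks rights flowing in from the parent but never grants any, rights to "all
properties" are inherited while "selected property" rights are not and always
take precedence, Read implies Compare, Write implies Add/Remove Self, and
Supervisor implies everything.

Added illustration, not Novell code. Tree, trustees and assignments are
constructed sample data; see the assumptions in the lead-in."""

OBJECT_RIGHTS = frozenset("SBCDR")    # Supervisor, Browse, Create, Delete, Rename
PROPERTY_RIGHTS = frozenset("SCRWA")  # Supervisor, Compare, Read, Write, Add/Remove Self

# Constructed directory tree: object -> parent. [Root] has no parent.
JSMITH = "CN=JSmith.OU=Denver.OU=Sales.O=Acme"
PARENT = {
    "O=Acme": "[Root]",
    "OU=Sales.O=Acme": "O=Acme",
    "OU=Denver.OU=Sales.O=Acme": "OU=Sales.O=Acme",
    JSMITH: "OU=Denver.OU=Sales.O=Acme",
}

ADMIN = "CN=Admin.O=Acme"
HELPDESK = "CN=HelpDesk.O=Acme"
SALESADMIN = "CN=SalesAdmin.OU=Sales.O=Acme"
DENVERADMIN = "CN=DenverAdmin.OU=Denver.OU=Sales.O=Acme"

# Constructed ACL property of each object: trustee -> assignment.
#   "object"   object rights and "all" all-properties rights (both inherited),
#   "selected" per-property rights (not inherited, override "all").
ACL = {
    "O=Acme": {
        ADMIN: {"object": {"S"}, "all": {"S"}},
        HELPDESK: {"object": {"B"}, "all": {"R"}},
    },
    "OU=Sales.O=Acme": {
        SALESADMIN: {"object": set("SBCDR")},
        HELPDESK: {"selected": {"Login Script": {"W"}}},
    },
    "OU=Denver.OU=Sales.O=Acme": {
        DENVERADMIN: {"object": {"S"}},
    },
    JSMITH: {
        HELPDESK: {"selected": {"Telephone Number": {"W"}}},
    },
}

# Constructed IRFs: the rights still allowed to flow in from the parent.
IRF = {
    "OU=Denver.OU=Sales.O=Acme": {"object": {"B", "C"}},  # blocks S, D, R from above
    JSMITH: {"all": set("SCWA")},                         # blocks inherited Read
}


def path_to(obj):
    """Objects from [Root] down to obj, in order."""
    path = [obj]
    while path[-1] != "[Root]":
        path.append(PARENT[path[-1]])
    return path[::-1]


def _flow(obj, trustee, kind):
    """Inherited rights of one kind ("object" or "all") for trustee at obj."""
    rights = set()
    for node in path_to(obj):
        explicit = ACL.get(node, {}).get(trustee, {}).get(kind)
        if explicit is not None:
            rights = set(explicit)        # a new assignment replaces the inherited one
        elif kind in IRF.get(node, {}):
            rights &= IRF[node][kind]     # the IRF filters only what flows in from above
    return rights


def effective_object_rights(obj, trustee):
    rights = _flow(obj, trustee, "object")
    return set(OBJECT_RIGHTS) if "S" in rights else rights


def expand_property_rights(rights):
    """Apply the implied-rights rules: S covers all, R includes C, W includes A."""
    rights = set(rights)
    if "S" in rights:
        return set(PROPERTY_RIGHTS)
    if "R" in rights:
        rights.add("C")
    if "W" in rights:
        rights.add("A")
    return rights


def effective_property_rights(obj, trustee, prop):
    if "S" in effective_object_rights(obj, trustee):
        return set(PROPERTY_RIGHTS)       # object Supervisor covers the object's properties
    selected = ACL.get(obj, {}).get(trustee, {}).get("selected", {})
    if prop in selected:
        return expand_property_rights(selected[prop])   # selected rights win, not inherited
    return expand_property_rights(_flow(obj, trustee, "all"))


if __name__ == "__main__":
    for who in (ADMIN, HELPDESK, SALESADMIN, DENVERADMIN):
        print(who, "".join(sorted(effective_object_rights(JSMITH, who))),
              "".join(sorted(effective_property_rights(JSMITH, who, "Telephone Number"))))
```

Running it shows the two effects the article warns about: the IRF on OU=Denver leaves the tree-wide Admin with no object rights on JSmith at all (the branch is now administered only by DenverAdmin), and HelpDesk keeps Write on JSmith's Telephone Number through a selected-property grant even though the all-properties IRF on that object has stripped its inherited Read.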

NetWare 4.X File Security
There are very few differences between NetWare 3.X and 4.X file and directory security. Three notable changes to NetWare 4.X file security are:
• The Inherited Rights Mask (IRM) was replaced with the Inherited Rights Filter (IRF). The IRF behaves in exactly the same manner as the IRM.
• Additional attributes and attribute flags have been added to NetWare 4.X to accommodate data migration and file compression.
• All rights, including the supervisory file right, are granted to users for their home directory during the user-setup process.
Users and other objects must be granted the right to use directories, files, and subdirectories through directory and file rights. Additional protection for directories and files can be achieved through the application of directory and file attribute settings.

Directory and File Rights
Directory rights should be used when rights must be administered to a group of similarly secured files. Instead of granting access to individual files within a directory, the administrator can grant rights at the directory level. Because directory rights flow downward in the directory tree, all files in that directory will inherit the established rights. NetWare file system directory rights are:
• Supervisor (S). This right grants the user full privileges to the directory and its files and subdirectories. The supervisory right overrides any restrictions put in place with the IRF. Users with the supervisory right can grant other users supervisory rights to the directory and its files and subdirectories.
• Read (R). This right allows the user to open and read a directory.
• Write (W). This right allows the user to open and write to files; however, the user cannot display information in the file unless the (R) right is also granted.
• Create (C). This right allows the user to create directories and files.
• Erase (E). This right allows the user to delete a directory and its files and subdirectories.
• Modify (M). This right allows the user to change directory and file attributes. Additionally, the right allows the user to rename the directory and its files and its subdirectories. It does not grant the right to modify file contents.
• File Scan (F). This right allows the user to see file names in a directory listing.
• Access Control (A). This right allows users to change directory trustee assignments and the directory's IRF. This right also allows the user to modify file trustee rights within the directory. The right allows users to assign any right, except the supervisory right, to any other user.
Rights granted at the directory and subdirectory level flow down and are inherited by all files in that directory.
It may sometimes be necessary to assign rights to specific files, thereby overriding rights assigned at the directory level. This is accomplished by assigning file rights. NetWare file rights are basically the same as directory rights, with some minor differences:
• Supervisor (S). This right grants the user full privileges to the file, including the ability to assign any right to this file to any other user. The supervisory right also allows the user to modify the file's IRF.
• Read (R). This right allows the user to open and read the file.
• Write (W). This right allows the user to open and write to the file.
• Create (C). This right allows the user to create a file and to salvage a file after it has been deleted.
• Erase (E). This right allows the user to delete the file.
• Modify (M). This right allows the user to rename the file and to modify the file's attributes. It does not grant the right to modify file contents.
• File Scan (F). This right allows the user to see the file name in a directory listing.
• Access Control (A). This right allows the user to modify the file trustee assignments and the file's IRF. The right allows users to assign any right, except the supervisory right, to any other user.
Just as in NDS object security, file and directory rights can be blocked, but not granted or reassigned, through the use of the IRF.

Directory and File Attributes
The NetWare file system provides additional security through the application of directory and file attributes. Attributes control what can be done to a directory or file. Most of these attributes are the same as in earlier versions of NetWare, with the addition of the attributes dealing with compression. Once set, attributes rarely change. Directory attributes and file attributes are listed in Exhibit 4. Attributes that are unique to NetWare 4.X are preceded by an asterisk.

Exhibit 4. Directory and File Attributes (attributes unique to NetWare 4.X are preceded by an asterisk)

Directory Attributes

Attribute                 Description
------------------------  -----------------------------------------------------------------
*Don't Compress (Dc)      Prevents compression of files within the directory.
Delete Inhibit            Prevents users from erasing directories even when they have been granted the Erase trustee right.
*Don't Migrate (Dm)       Prevents files within the directory from being transferred to secondary storage, such as a tape drive.
Hidden (H)                Prevents a directory from being displayed by DOS DIR scans. NDIR will display the directory if the user has the appropriate File Scan rights.
*Immediate Compress (Ic)  Forces NetWare to compress the files in the directory as soon as possible.
Normal (N)                Flags a directory as Read/Write and nonshareable and removes most other flags.
Purge (P)                 Forces NetWare to totally purge all files in the directory after the user deletes them. This attribute prevents files in the directory from being recovered with the SALVAGE command.
Rename Inhibit (Ri)       Prevents a user from renaming a directory.
System (Sy)               Prevents directories from being seen by DOS DIR scans and prevents them from being deleted or copied. NDIR will display the directory if the user has the appropriate File Scan rights.

File Attributes

Attribute                 Description
------------------------  -----------------------------------------------------------------
Archive Needed (A)        Indicates the file has been modified since the last backup.
Copy Inhibit (Ci)         Prevents the file from being copied (Macintosh files only).
*Don't Compress (Dc)      Prevents compression of the file data, overriding settings for automatic compression.
Delete Inhibit            Prevents users from erasing the file even when they have been granted the Erase trustee right.
*Don't Migrate (Dm)       Prevents the file from being transferred to secondary storage, such as a tape drive.
Execute Only (X)          Prevents the file from being copied or modified.

Implementing and Administering NetWare Security
Determining the necessary level of NetWare 4.X security depends on many factors. Many organizations attempt to assess how sensitive the programs, data, and files are on the system, and assign security based on these factors alone. However, it is just as important to value the information on the system. Many guidelines and formulas are available for establishing a dollar value for business information. A formal information valuation review should be performed on a regular basis. Available formulas take into account the exclusiveness of the information to the organization, the cost of creation or recreation, the operational impact if the information is unavailable, and other related factors. Ideally, LAN security should be implemented when the LAN is installed or when the operating system is converted (e.g., from NetWare 3.X to 4.X). However, this rarely occurs. More often, the security administrator is asked to review a new system the week before it is to be placed into production. This can result in delayed projects and inadequate or incomplete security implementations. However, NetWare 4.X has the flexibility required to meet most organizations' needs.

New Administrative Tools
SYSCON, the DOS-based NetWare system administration utility, is not used in NetWare 4.X. It has been replaced by two different administrative programs. For Windows and OS/2 environments, the program NWADMIN provides a full Windows-based environment for the management of NDS and the file system. NWADMIN supports limited drag and drop: to add users to a group, the system administrator can select the users, drag them to the appropriate group, and drop them. Care should be taken when using this utility, because the NWADMIN interface makes it extremely easy to change enterprisewide security through a single drag and drop. For administrators partial to DOS, there is a DOS-based application, NETADMIN, that is a text-based management tool. It is similar to the SYSCON application, but has been rewritten for NetWare 4.X. Additional DOS-based management tools include FILER and RIGHTS. These tools are designed to help the DOS-based administrator manage NetWare 4.X by using command lines and DOS menus. They do not provide any additional functionality over the Windows-based NWADMIN.

The ADMIN User ID
The ADMIN account of NetWare 4.X has replaced the SUPERVISOR account, which in earlier versions of NetWare controlled and maintained both the file system and network resources, including users. When NetWare 4.X is installed, two IDs appear: ADMIN and GUEST. The ADMIN account has all of the capabilities of its predecessor. However, with the flexibility of NetWare 4.X's NDS, these capabilities can be distributed to multiple subadministrators throughout the organization. One of the greatest benefits of NetWare 4.X is that it separates file system administration from NDS administration. It is possible to create administrators for different segments of the directory tree. This capability was not included in earlier versions of NetWare, and positions NetWare 4.X for the management of enterprisewide LAN environments.

NetWare Directory Services Security Administration
NetWare Directory Services is delivered with default security settings that provide little security. It may be necessary to implement greater security based on an organization's requirements. If the organization is implementing a decentralized security structure, NDS is designed to create subadministrators for each branch of the directory tree. This is especially useful when organizational units represent different geographical locations. If the sales department is located in Denver and manufacturing is based in Miami, the ADMIN abilities of these two departments can be segregated. Moreover, the overall ADMIN can be prohibited from accessing the individual departments. Security administrators should focus on containers and groups when implementing NDS security. This approach is more economical than attempting to keep track of individual user rights.
For example, if a user needs certain trustee rights to access and run a word processing application on the network, the system administrator should create a group called WP, assign the needed rights to the group WP, and make the user a member of this group. Because rights flow down the directory, any user in this leaf object WP will inherit the necessary rights. NDS object rights do not apply to the file system. The one exception to this rule is for the server object. Anyone with the supervisory right or the write property right to the server ACL will have the supervisory right to every volume attached to that server. Therefore, this right should be granted judiciously. As a general rule, supervisory rights should be granted as low in the directory tree as possible.

File System Administration
NetWare files are protected in two ways. First, user access to directories and files must be granted by the administrator. Second, directory and file attributes can be employed to provide additional protection. The handling of rights and the determination of effective rights is the same as in previous releases of NetWare. File system rights can be assigned to containers, groups, organizational roles, users, and the [Public] trustee.
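The determination of effective file system rights mentioned above combines the directory and file rights, the IRF and the trustee types described earlier: rights flow down from directory to subdirectory to file, a trustee assignment at a lower level overrides the inherited one, the IRF blocks inherited rights but cannot grant any, the Supervisor right passes through every IRF, and a user's effective rights are the union of the rights of every trustee the user is equivalent to (the user, its groups, its containers, and any organizational role it occupies). The following Python model is an added example, not Novell code: the volume paths, the trustee names (Admin, WP, WPLead, WPManager, JSmith, KLee, MBrown, Guest), the IRF and the security equivalences are all constructed. It also encodes the Access Control rule from the directory and file rights section: a trustee with Access Control may assign any right except Supervisor, which only a Supervisor may grant.

```python
"""Model of NetWare 4.X file system effective rights: directory rights flow
down to subdirectories and files, a lower trustee assignment overrides the
inherited one, the IRF filters inherited rights without granting any,
Supervisor overrides the IRF, and a user's effective rights are the union of
the rights of every trustee the user is security-equivalent to.

Added illustration, not Novell code. Paths, trustees, IRFs and equivalences
are constructed sample data."""

ALL_RIGHTS = frozenset("SRWCEMFA")  # Supervisor Read Write Create Erase Modify File Scan Access Control

# Constructed trustee assignments: path -> trustee -> rights.
TRUSTEES = {
    r"SYS:": {"Admin": {"S"}},
    r"SYS:PUBLIC": {"OU=Denver.OU=Sales.O=Acme": {"R", "F"}},     # a container as trustee
    r"SYS:APPS\WP": {"WP": {"R", "F"}, "WPManager": {"S"}},         # a group and an organizational role
    r"SYS:APPS\WP\DATA": {"WP": set("RWCEMF"), "WPLead": set("RWCEMFA")},
    r"SYS:APPS\WP\DATA\PRIVATE\SALARY.DOC": {"JSmith": {"R", "F"}},  # file-level assignment
}

# Constructed IRFs: the rights allowed to flow in from the parent directory.
IRF = {
    r"SYS:APPS\WP\DATA\PRIVATE": {"S", "F"},   # only File Scan flows in; S cannot be blocked anyway
}

# Constructed security equivalences: user -> trustees whose rights the user also holds.
EQUIVALENCES = {
    "JSmith": ["WP", "OU=Denver.OU=Sales.O=Acme"],
    "KLee": ["WPLead"],
    "MBrown": ["WPManager"],
    "Admin": [],
    "Guest": [],
}


def ancestors(path):
    """The volume root, each directory on the way down, and the path itself."""
    volume, _, rest = path.partition(":")
    nodes = [volume + ":"]
    current = nodes[0]
    for part in filter(None, rest.split("\\")):
        current = current + part if current.endswith(":") else current + "\\" + part
        nodes.append(current)
    return nodes


def trustee_rights(path, trustee):
    """Rights one trustee holds at path after inheritance and IRFs."""
    rights = set()
    for node in ancestors(path):
        if trustee in TRUSTEES.get(node, {}):
            rights = set(TRUSTEES[node][trustee])   # a new assignment overrides the inherited one
        elif node in IRF and "S" not in rights:
            rights &= IRF[node]                     # the IRF filters inherited rights; S passes through
    return set(ALL_RIGHTS) if "S" in rights else rights


def effective_rights(path, user):
    """Union of the rights of the user and of every trustee it is equivalent to."""
    rights = set()
    for trustee in [user] + EQUIVALENCES.get(user, []):
        rights |= trustee_rights(path, trustee)
    return rights


def can_grant(path, grantor, rights):
    """Whether grantor may assign these rights at path to another trustee."""
    have = effective_rights(path, grantor)
    if "S" in have:
        return True                              # Supervisor may grant anything, including S
    return "A" in have and "S" not in rights     # Access Control may grant any right except S


if __name__ == "__main__":
    private = r"SYS:APPS\WP\DATA\PRIVATE"
    for user in ("JSmith", "KLee", "MBrown", "Admin", "Guest"):
        print(f"{user:8} {''.join(sorted(effective_rights(private, user))) or '-'}")
```

The PRIVATE subdirectory illustrates the IRF's limits: it cuts the WP group down to File Scan, yet MBrown, who holds Supervisor through the WPManager role two levels up, keeps full rights to it, and JSmith regains Read on one file inside it through a file-level assignment. Auditing an IRF therefore means also reviewing every Supervisor assignment above it.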

Auditing NetWare 4.X Events
NetWare 4.X provides better auditing of network events than did earlier releases. After NDS, the ability to audit network activity is the second greatest security enhancement in NetWare. Auditing system events is critical for establishing effective security on any computer system. Auditing system events aids in identifying security violations, identifying problems in user training, determining if procedures are being followed, and troubleshooting the network. NetWare can audit the following types of NDS events:
• Object creates and deletes.
• Object moves and renamings.
• Object security equivalence changes.
• User logins and logouts.
NetWare can audit the following types of directory and file events:
• Directory and file creation, modification, and deletion.
• Directory and file rename, move, and salvage.
• Print queue creation, service, and deletion.
NetWare can audit the following types of file server events:
• Server outages.
• Bindery object creation and deletion in 3.X and 4.X mixed environments.
• Volume mounts and dismounts.
• Modification of security rights.
NetWare 4.X is capable of tracking many different types of events. However, the number of events that are audited on a daily basis should be limited to those events needed for the daily report and security violations related to NDS objects and the file system. Other events can be temporarily audited, as necessary, and then disabled. In most organizations, an auditor has been assigned the task of occasionally reviewing the activity of the system. Additionally, a security administrator is assigned the responsibility of reviewing daily reports to identify excessive security violations. NetWare 4.X gives these individuals the ability to read and monitor system events, without the ability to change system settings. This is accomplished using the AUDITCON utility.

AUDITCON

The auditor should use AUDITCON to configure and manage the audit subsystem of NetWare 4.X. AUDITCON is protected by its own audit password, separate from the auditor's NDS login, so only personnel who hold that password can run the utility. Once the auditor has logged in and changed the password, the auditor is in full control of NetWare auditing and can configure the audit environment, select audit events, create reports, and maintain audit files; changing the password as the first step is what separates the auditor from the ADMIN who enabled auditing. Using AUDITCON, auditors can monitor and track network events, but they cannot open, view, modify, or delete files unless they have been given the appropriate rights by ADMIN. Additionally, auditors must have Browse rights to all of the containers that are to be audited.

Audit Reports

AUDITCON allows the auditor to view the audit trail and produce reports, either online or exported to a text file. The audit trail may contain an enormous amount of data, much of which is confusing if not properly filtered. The auditor should use filters to extract the information required for the report, either by using existing filters, modifying existing filters, or creating a new filter. The auditor can filter the audit trail by specifying the following options:

- Report by date and time.
- Report by event: file events, QMS (print queue) events, server events, or user events.
- Exclude paths and files.
- Exclude users.
- Include paths and files.
- Include users.
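As an added illustration (not part of the original article and not AUDITCON's own code), the following Python models the report filters listed above over a constructed audit trail, and adds the daily-report check the article asks the security administrator to perform: every event carried out by a supervisory ID, flagged when it happens outside business hours. AUDITCON's real audit file is a binary format read only through the utility; the record layout, event names, user names, paths and timestamps here are invented for the example.

```python
"""Filtering a NetWare 4.X style audit trail with the report filters AUDITCON
offers: date/time, event class, include/exclude users, include/exclude paths.
Added example for this article; the record layout and the sample records are
constructed, not AUDITCON's own audit file format.
"""
from dataclasses import dataclass, field
from datetime import datetime
from typing import Iterable, List, Optional, Set, Tuple

# Constructed sample trail: (timestamp, event class, event, user, path/object).
# Event classes mirror AUDITCON's filter groups: FILE, QMS, SERVER, USER, NDS.
SAMPLE_TRAIL = [
    ("1996-03-04 08:02:11", "USER",   "LOGIN",            "JSMITH", ""),
    ("1996-03-04 08:05:40", "FILE",   "OPEN",             "JSMITH", "SYS:PAYROLL/Q1.DAT"),
    ("1996-03-04 08:06:02", "FILE",   "DELETE",           "JSMITH", "SYS:PAYROLL/Q1.DAT"),
    ("1996-03-04 09:14:59", "NDS",    "SEC_EQUIV_CHANGE", "ADMIN",  ".JSMITH.ACCT.ASK"),
    ("1996-03-04 12:30:00", "SERVER", "VOLUME_DISMOUNT",  "",       "VOL1:"),
    ("1996-03-04 17:45:21", "QMS",    "QUEUE_DELETE",     "ADMIN",  ".HP_LASER.ACCT.ASK"),
    ("1996-03-05 02:11:08", "USER",   "LOGIN",            "ADMIN",  ""),
    ("1996-03-05 02:12:30", "FILE",   "MODIFY",           "ADMIN",  "SYS:SYSTEM/AUTOEXEC.NCF"),
]


@dataclass(frozen=True)
class AuditRecord:
    when: datetime
    event_class: str   # FILE, QMS, SERVER, USER or NDS
    event: str
    user: str          # empty when no user initiated the event (server events)
    path: str          # file path, queue name or NDS object name; may be empty


def parse_trail(rows: Iterable[Tuple[str, str, str, str, str]]) -> List[AuditRecord]:
    """Turn the constructed tuples into typed records."""
    return [AuditRecord(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), cls, ev, user, path)
            for ts, cls, ev, user, path in rows]


@dataclass
class AuditFilter:
    """One AUDITCON-style report filter.  Empty sets mean 'no restriction'."""
    start: Optional[datetime] = None
    end: Optional[datetime] = None
    event_classes: Set[str] = field(default_factory=set)
    include_users: Set[str] = field(default_factory=set)
    exclude_users: Set[str] = field(default_factory=set)
    include_paths: Set[str] = field(default_factory=set)   # path prefixes
    exclude_paths: Set[str] = field(default_factory=set)   # path prefixes

    def matches(self, r: AuditRecord) -> bool:
        if self.start is not None and r.when < self.start:
            return False
        if self.end is not None and r.when > self.end:
            return False
        if self.event_classes and r.event_class not in self.event_classes:
            return False
        if self.include_users and r.user not in self.include_users:
            return False
        if r.user in self.exclude_users:
            return False
        if self.include_paths and not any(r.path.startswith(p) for p in self.include_paths):
            return False
        if any(r.path.startswith(p) for p in self.exclude_paths):
            return False
        return True


def apply_filter(records: Iterable[AuditRecord], flt: AuditFilter) -> List[AuditRecord]:
    return [r for r in records if flt.matches(r)]


def privileged_activity(records, privileged=frozenset({"ADMIN"}),
                        business_hours=(6, 19)):
    """Daily-report helper: every event performed by a supervisory ID, with
    an OFF-HOURS flag when it falls outside the (start, end) hour window."""
    start, end = business_hours
    return [(r, "" if start <= r.when.hour < end else "OFF-HOURS")
            for r in records if r.user in privileged]


def format_report(records: Iterable[AuditRecord]) -> List[str]:
    """Fixed-width text lines, as a report exported to a file would look."""
    return [f"{r.when:%Y-%m-%d %H:%M:%S}  {r.event_class:<6} {r.event:<16} "
            f"{(r.user or '-'):<8} {r.path}" for r in records]


if __name__ == "__main__":
    trail = parse_trail(SAMPLE_TRAIL)
    payroll = AuditFilter(event_classes={"FILE"}, include_paths={"SYS:PAYROLL"})
    for line in format_report(apply_filter(trail, payroll)):
        print(line)
    for rec, flag in privileged_activity(trail):
        label = flag or "ok"
        print(f"{label:9} {format_report([rec])[0]}")
```

The include/exclude path filters use prefix matching so that one entry such as SYS:PAYROLL covers a whole directory subtree; the daily report is deliberately a separate function from the general filter, because the supervisory IDs and the hours that count as "off hours" are policy decisions that the auditor should be able to change without touching the filter logic.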

Third-Party Security Audit Tools

Several products are available for reviewing NDS and file system security under NetWare 4.X. These products provide a quick and informative look at security on the LAN. They are not active monitors; they report from a snapshot of the security settings at the time the product is run, so a review is only as current as its last run. Third-party tools are effective time-savers for performing security reviews of the entire network. The market leader in this area is the Kane Security Analyzer (KSA) from New York-based Intrusion Detection, Inc. The KSA is a Windows-based application that runs from a workstation attached to the LAN. It reads the NDS and file system databases and produces security reports based on standards that the auditor configures. Intrusion Detection, Inc. can be reached at (800) 408-6104 or at its web site: http://www.intrusion.com. Bindview, by The LAN Support Group, is a DOS-based tool that collects NetWare statistical information and produces security audit reports based on filters and parameters set by the auditor. The LAN Support Group can be reached at (800) 749-8439 or at its web site: http://www.bindview.com.

Security Concerns for NetWare 4.X

Security implementations must be based on an organization's specific needs and goals. However, there are several areas of concern that should be addressed by any organization that implements NetWare 4.X.

Administration

Under earlier releases of NetWare, one problem faced by many organizations was the widespread use, and abuse, of the SUPERVISOR ID and supervisor-equivalent IDs. Although this can still be a problem with ADMIN and other IDs holding Supervisor rights at the [Root] level, security administrators can use NetWare 4.X to limit the abuse of this ID in the following ways:

- Grant subadministrators Supervisor rights at the container or subcontainer level, but not at [Root]. This allows subadministrators to perform their duties without granting them rights to the entire WAN.

- Use IRFs to block higher-level ADMIN IDs from inheriting Supervisor rights at container and subcontainer levels. Because an IRF also blocks the ID that would otherwise be used to recover the container, keep one or two IDs with full, explicitly assigned access for use in emergencies, and protect their passwords accordingly.

- Audit and track all of the activities performed by ADMIN or ADMIN-equivalent IDs.

Users

Security administrators should manage users at the group level; this simplifies administration and management. The security administrator can use the special NDS object USER_TEMPLATE to set up the users in each container in a consistent fashion. A user template can be created for every container, and the administrator can establish default parameters for user setup, such as login time restrictions, password restrictions, group memberships, and print job restrictions.

Alias Objects

Aliases can be a powerful tool for network administrators. An alias takes on the appearance of the original object. For example, if a network administrator needs to establish access to an object for many users but knows that the object will eventually be moved, he or she can set up an alias to the original object and point all of the users to the alias. When the time comes to move the original object, the administrator can do so without interfering with the user group. The same transparency is a problem if aliases are created for IDs with Supervisor rights. An alias is not a copy: it resolves to the original object, so an alias of the ADMIN ID carries all of ADMIN's rights and offers a second, less conspicuous route to that ID. Administrators should control who may create Alias objects and should review aliases that point at ADMIN or other supervisory IDs as carefully as the IDs themselves.
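To make the Administration and Alias Objects advice concrete, here is an added Python model (not Novell code and not from the original article) of how NDS object rights are worked out: an explicit trustee assignment on an object replaces whatever would be inherited, inherited rights pass through the object's IRF, a user also holds the rights of everything it is security-equivalent to (groups, its containers, [Public]), and an Alias resolves to its target before any of this happens. The tree, the container and user names (ASK, ACCT, ACCTADMIN, EMERG, JSMITH, ADMIN_ALIAS) and the grants are invented for the example. Novell's administration utilities refuse to filter the Supervisor right through an IRF unless some trustee holds an explicit Supervisor assignment on that object; the model enforces the same rule, which is exactly why the emergency ID in the example is granted explicit Supervisor at the container rather than relying on inheritance from [Root].

```python
"""Simplified model of NDS object-rights inheritance: explicit trustee
assignments, Inherited Rights Filters (IRFs), security equivalence and Alias
objects.  Added example for this article, not Novell code; the tree below
(ASK, ACCT, the user names) is made up.  Object rights: S(upervisor),
B(rowse), C(reate), D(elete), R(ename); Supervisor implies the other four.
"""
from typing import Dict, List, Optional, Set

ALL_RIGHTS = frozenset("SBCDR")


class NDSObject:
    def __init__(self, name: str, parent: Optional["NDSObject"] = None,
                 alias_of: Optional["NDSObject"] = None):
        self.name = name
        self.parent = parent
        self.alias_of = alias_of                    # set only on Alias objects
        self.trustees: Dict[str, Set[str]] = {}     # explicit assignments here
        self.irf: Set[str] = set(ALL_RIGHTS)        # rights allowed down from parent
        self.equivalent_to: Set[str] = set()        # groups this object is equivalent to

    def grant(self, trustee: str, rights: str) -> None:
        self.trustees[trustee] = set(rights)

    def set_irf(self, allowed: str) -> None:
        """NetWare's tools refuse to filter Supervisor unless some trustee holds
        an explicit Supervisor assignment on the object (otherwise the branch
        would have no supervisor at all); the model enforces the same rule."""
        if "S" not in allowed and not any("S" in r for r in self.trustees.values()):
            raise ValueError(f"{self.name}: no explicit Supervisor trustee, cannot filter S")
        self.irf = set(allowed)


def assigned_rights(trustee: str, obj: NDSObject) -> Set[str]:
    """Rights one trustee holds on obj: an explicit assignment on the object
    replaces anything inherited; otherwise the parent's rights pass through
    this object's IRF."""
    if trustee in obj.trustees:
        return set(obj.trustees[trustee])
    if obj.parent is None:
        return set()
    return assigned_rights(trustee, obj.parent) & obj.irf


def resolve(obj: NDSObject) -> NDSObject:
    """An Alias is only a pointer: rights are always those of the real object."""
    while obj.alias_of is not None:
        obj = obj.alias_of
    return obj


def effective_rights(user: NDSObject, target: NDSObject) -> Set[str]:
    """Union over the user, [Public], its containers and its explicit
    security equivalences; any Supervisor right expands to all rights."""
    user = resolve(user)
    trustees = {user.name, "[Public]"} | user.equivalent_to
    container = user.parent
    while container is not None:                 # users are equivalent to their containers
        trustees.add(container.name)
        container = container.parent
    rights: Set[str] = set()
    for t in trustees:
        rights |= assigned_rights(t, target)
    return set(ALL_RIGHTS) if "S" in rights else rights


def supervisory_aliases(objects: List[NDSObject], root: NDSObject) -> List[str]:
    """Review check: Alias objects that resolve to an ID holding Supervisor at [Root]."""
    return sorted(o.name for o in objects
                  if o.alias_of is not None and "S" in effective_rights(o, root))


def build_tree() -> Dict[str, NDSObject]:
    """Constructed tree applying the article's advice: sub-administrator with
    Supervisor at the container only, IRF blocking inherited Supervisor, and an
    emergency ID that keeps explicit full access below the filter."""
    root = NDSObject("[Root]")
    ask = NDSObject("ASK", root)
    acct = NDSObject("ACCT", ask)
    admin = NDSObject("ADMIN", ask)
    emerg = NDSObject("EMERG", ask)
    acctadmin = NDSObject("ACCTADMIN", acct)
    staff = NDSObject("ACCT_STAFF", acct)                  # a Group object
    jsmith = NDSObject("JSMITH", acct)
    admin_alias = NDSObject("ADMIN_ALIAS", acct, alias_of=admin)
    root.grant("[Public]", "B")                           # everyone can browse
    root.grant("ADMIN", "S")
    root.grant("EMERG", "S")
    acct.grant("ACCTADMIN", "S")                          # container-level admin only
    acct.grant("EMERG", "S")                              # survives the IRF below
    acct.grant("ACCT_STAFF", "BC")
    jsmith.equivalent_to.add("ACCT_STAFF")
    acct.set_irf("BCDR")                                  # block inherited Supervisor
    objs = [root, ask, acct, admin, emerg, acctadmin, staff, jsmith, admin_alias]
    return {o.name: o for o in objs}


if __name__ == "__main__":
    t = build_tree()
    for who in ("ADMIN", "EMERG", "ACCTADMIN", "JSMITH", "ADMIN_ALIAS"):
        at_acct = "".join(sorted(effective_rights(t[who], t["ACCT"]))) or "-"
        at_root = "".join(sorted(effective_rights(t[who], t["[Root]"]))) or "-"
        print(f"{who:12} ACCT={at_acct:6} [Root]={at_root}")
    print("aliases of supervisory IDs:", supervisory_aliases(list(t.values()), t["[Root]"]))
```

Running it shows the intended outcome: ADMIN keeps Supervisor at [Root] but is reduced to Browse (via [Public]) inside ACCT once the IRF is in place, ACCTADMIN has full rights inside ACCT and only Browse at [Root], EMERG retains full rights in both, and JSMITH gets Browse and Create through the group. It also shows the alias problem: ADMIN_ALIAS is a separate object in ACCT, yet its effective rights at [Root] are ADMIN's, which is what the supervisory_aliases check is there to catch. Attempting acct-style filtering on a container with no explicit Supervisor trustee raises an error, mirroring the safeguard in the administration tools.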

Conclusion

NetWare 4.X is Novell's strongest network operating system and is equipped with features for the implementation and management of a wide area network. Moreover, NetWare 4.X can be configured to meet the security requirements of all but the most restrictive organizations. It provides for secured logins, decentralized and segregated administration of the file system, and complete auditing of network activities and events by a separate, independent auditor. Security threats to the NetWare 4.X LAN are similar to those that threatened earlier versions of the network operating system. What has changed is the capability of NetWare to ward off these threats by providing the administrator with the tools to manage them.

Author Biographies

Jeffrey L. Ott is a Partner at Available and Secured Knowledge (ASK) Consulting, LLC, in Berthoud, Colorado.