NetWare security

Like the other network operating systems, NetWare has many security features to help secure the server and the network. The key areas of NetWare security include the following:

  • Resource access: Resource access in NetWare is controlled, as is everything else related to security, through directory services. For a user to gain access to a network resource (whether it be a file, directory, printer, server, or gateway), the appropriate permissions must be applied through the directory. Permissions can be granted to the user, to a group to which the user belongs, or to an NDS container object in which the user resides. Rights to objects can be inherited or gained from other user IDs through a process called security equivalence.
  • User authentication: As with the other network operating systems, accessing a NetWare server and network resources requires a username and password combination. To log on to a NetWare server, the context of the user must also be specified and, in some instances, the name of the NDS tree must also be provided. Context is a term used to refer to the user ID's location in the NDS tree. Without the correct context, the security subsystem is unable to identify the correct user ID and does not grant access to the server. Because the context can be complex and because the tree name is generally not used except at the point of login, it's common practice to configure users' workstations to default to a certain tree and context. This way, a user needs to provide only a username and password.
    Remember: To gain access to a NetWare server, four pieces of information are normally required: a username, a password, a directory context, and the name of the tree to which the user wants to log in. In addition, you can specify a server name, although this is not required.
  • File and directory security: NetWare provides a very comprehensive file and directory permissions system, which allows rights to be assigned to users, groups, and other NDS objects. Rights are inheritable, which means that rights assigned at one directory level flow down through the directory structure until they reach the end of the directory tree, unless they are countered by an inherited rights mask or by an explicit trustee assignment. A similar process is used to manage and assign rights within the NDS directory tree, although the actual set of rights that can be assigned is different.

Like the Windows console, the NetWare console can and should be locked for security purposes. You can lock the NetWare console by using a utility called scrsaver, which you run from the server command line.

With the proliferation of Microsoft Windows server platforms, you might not actually get to work with a NetWare server. But if you do, you'll find that there is good reason why NetWare was king of the network operating system hill for so long.

File system security on NetWare is the most sophisticated of any of the popular network operating systems. In addition to a full set of file permissions, NetWare also accommodates file permission inheritance, as well as filters to cancel out that inheritance. For those who are unfamiliar with the various features of NetWare file system security, it can seem a bit bewildering. When you are used to it, though, you realize that it allows an extremely high level of control over files and directories.

Note: The term inheritance is used to describe the process of rights flowing down the directory tree. For example, rights are assigned at the top of the directory structure, and unless they are blocked at a lower level, they flow to the bottom of the structure. All common network operating systems employ file inheritance in one way or another.

At the core of NetWare file system security are the basic permissions. These permissions can be assigned to individual files or, where appropriate, directories (that is, folders). The file system rights available on a NetWare server are listed in the table below.

File Permissions on a NetWare Server

Right            Description
Supervisor       Supervisory; implies all rights
Read             Allows the file to be read
Write            Allows the file to be written to
Create           Allows new files to be created
Erase            Allows files to be deleted
Modify           Allows the attributes of the file to be changed
Filescan         Allows the file to be viewed
Access Control   Allows the file permissions to be manipulated
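
The inheritance, inherited rights mask and explicit trustee assignment rules described above can be worked through with a small model. This is an added example, not NetWare code or part of the original tutorial: the users, groups, directories and function names are hypothetical, and treating Supervisor as unblockable once granted is a modelling assumption.

```python
# Added example: simplified model of NetWare file system effective rights.
ORDER = "SRWCEMFA"  # Supervisor, Read, Write, Create, Erase, Modify, Filescan, Access Control
ALL = frozenset(ORDER)

def trustee_rights(path, trustee, assignments, masks):
    """Rights a single trustee holds at `path` after inheritance down the tree."""
    rights, current = frozenset(), ""
    for part in path.strip("/").split("/"):
        current += "/" + part
        if "S" in rights:
            continue  # assumption: Supervisor, once granted, is not filtered below
        explicit = assignments.get(current, {}).get(trustee)
        if explicit is not None:
            # An explicit trustee assignment replaces what was inherited.
            rights = frozenset(explicit)
        else:
            # Otherwise only rights allowed by the inherited rights mask flow down.
            rights &= frozenset(masks.get(current, ALL))
    return rights

def effective_rights(path, user, acts_as, assignments, masks):
    """Union over the user and every trustee it acts as (groups, containers,
    security equivalences); Supervisor implies all rights."""
    total = frozenset()
    for trustee in [user, *acts_as.get(user, [])]:
        total |= trustee_rights(path, trustee, assignments, masks)
    return ALL if "S" in total else total

def show(rights):
    """Render a rights set in a fixed order, e.g. 'RF'."""
    return "".join(r for r in ORDER if r in rights)

# Constructed sample tree (hypothetical users, groups and directories).
ASSIGNMENTS = {
    "/DATA": {"staff": "RF", "alice": "RWCEMF"},
    "/DATA/HR": {"alice": "F"},   # explicit assignment narrows alice here
    "/APPS": {"admins": "S"},
}
MASKS = {"/DATA/HR": "F", "/APPS/LOCKED": "RF"}  # rights allowed to pass down
ACTS_AS = {"alice": ["staff"], "bob": ["staff"], "carol": ["admins"]}

if __name__ == "__main__":
    for user, path in [("alice", "/DATA/REPORTS/Q1"), ("alice", "/DATA/HR/SALARY"),
                       ("bob", "/DATA/HR"), ("carol", "/APPS/LOCKED/BIN")]:
        rights = effective_rights(path, user, ACTS_AS, ASSIGNMENTS, MASKS)
        print(f"{user:6} {path:18} {show(rights) or '-'}")
```

When auditing access, the point to check is that a user's effective rights are the union across every trustee the user acts as, so narrowing the user's own assignment does not remove rights that still arrive through a group.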