NetWare security
Like the other network operating systems, NetWare has many security features to help secure the server and the network. The key areas of NetWare security include the following:
- Resource access: Resource access in NetWare is controlled, as is everything else related to security, through directory services. For a user to gain access to a network resource, whether it be a file, directory, printer, server, or gateway, the appropriate permissions must be applied through the directory. Permissions can be granted to the user, to a group to which the user belongs, or to an NDS container object in which the user resides. Rights to objects can be inherited or gained from other user IDs through a process called security equivalence.
- User authentication: As with the other network operating systems, accessing a NetWare server and network resources requires a username and password combination. To log on to a NetWare server, the context of the user must also be specified and, in some instances, the name of the NDS tree must also be provided. Context is a term used to refer to the user ID's location in the NDS tree. Without the correct context, the security subsystem is unable to identify the correct user ID and does not grant access to the server. Because the context can be complex and because the tree name is generally not used except at the point of login, it's common practice to configure users' workstations to default to a certain tree and context. This way, a user needs to provide only a username and password.
Remember: To gain access to a NetWare server, four pieces of information are normally required: a username, a password, a directory context, and the name of the tree to which the user wants to log in. In addition, you can specify a server name, although this is not required.
- File and directory security: NetWare provides a very comprehensive file and directory permissions system, which allows rights to be assigned to users, groups, and other NDS objects. Rights are inheritable, which means that rights assigned at one directory level flow down through the directory structure until they reach the end of the directory tree, unless they are countered by an inherited rights mask or by an explicit trustee assignment. A similar process is used to manage and assign rights within the NDS directory tree, although the actual set of rights that can be assigned is different.
Like the Windows console, the NetWare console can and should be locked for security purposes. You can lock the NetWare console by using a utility called scrsaver, which you run from the server command line.
With the proliferation of Microsoft Windows server platforms, you might not actually get to work with a NetWare server. But if you do, you'll find that there is good reason why NetWare was king of the network operating system hill for so long.
File system security on NetWare is the most sophisticated of any of the popular network operating systems. In addition to a full set of file permissions, NetWare also accommodates file permission inheritance, as well as filters to cancel out that inheritance. For those who are unfamiliar with the various features of NetWare file system security, it can seem a bit bewildering. When you are used to it, though, you realize that it allows an extremely high level of control over files and directories.
Note: The term inheritance is used to describe the process of rights flowing down the directory tree. For example, rights are assigned at the top of the directory structure, and unless they are blocked at a lower level, they flow to the bottom of the structure. All common network operating systems employ file inheritance in one way or another.
At the core of NetWare file system security are the basic permissions. These permissions can be assigned to individual files or, where appropriate, directories (that is, folders). The file system rights available on a NetWare server are listed in the table below.
File Permissions on a NetWare Server

| Right | Description |
| --- | --- |
| Supervisor | Supervisory; implies all rights |
| Read | Allows the file to be read |
| Write | Allows the file to be written to |
| Create | Allows new files to be created |
| Erase | Allows files to be deleted |
| Modify | Allows the attributes of the file to be changed |
| Filescan | Allows the file to be viewed |
| Access Control | Allows the file permissions to be manipulated |
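
The inheritance rules described above can be worked through for a single trustee. The following is an added example, not code from the original tutorial or from Novell: it walks a directory path and applies explicit trustee assignments and inherited rights filters (the "inherited rights mask" mentioned earlier) to the eight rights in the table. The directory names, the `/`-separated path notation, the sample assignments, and the rule that a held Supervisor right is not removed further down the tree are assumptions of this model.

```python
# Added example: effective NetWare file system rights for one trustee.
# Directory names, assignments and filters are constructed sample data.
ORDER = "SRWCEMFA"  # Supervisor, Read, Write, Create, Erase, Modify, Filescan, Access Control
ALL = frozenset(ORDER)


def effective_rights(path, assignments, filters):
    """Return the rights in effect at `path`, as a string of right letters.

    assignments: {directory: rights explicitly granted to the trustee there}
    filters:     {directory: rights the inherited rights filter lets through}
    """
    rights = frozenset()
    current = ""
    for part in path.strip("/").split("/"):
        current = f"{current}/{part}"
        if "S" in rights:
            # Model assumption: once Supervisor is held, neither a filter
            # nor a lower assignment takes it away in the file system.
            continue
        if current in assignments:
            # An explicit trustee assignment replaces what was inherited.
            rights = frozenset(assignments[current])
        else:
            # Otherwise inherited rights pass through this level's filter;
            # a directory with no filter entry lets everything through.
            rights &= frozenset(filters.get(current, ALL))
        if "S" in rights:
            rights = ALL  # Supervisor implies all rights
    return "".join(r for r in ORDER if r in rights)


# Constructed sample data for two trustees on the same tree.
USER_ASSIGNMENTS = {"/SYS/DATA": "RWCEMF", "/SYS/DATA/HR/PAYROLL": "RWF"}
ADMIN_ASSIGNMENTS = {"/SYS": "S"}
FILTERS = {"/SYS/DATA/HR": "RF"}  # HR lets only Read and Filescan flow down

if __name__ == "__main__":
    for p in ("/SYS/PUBLIC", "/SYS/DATA/SALES", "/SYS/DATA/HR",
              "/SYS/DATA/HR/REPORTS", "/SYS/DATA/HR/PAYROLL"):
        print(f"{p:24} user={effective_rights(p, USER_ASSIGNMENTS, FILTERS) or '-':8}"
              f" admin={effective_rights(p, ADMIN_ASSIGNMENTS, FILTERS)}")
```

When auditing a tree, the `PAYROLL` row is the one to look for: an explicit assignment below a filter restores Write even though the filter above it stripped that right from everything inherited.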