Networking

NetWare Security

Similar to the other network operating systems, NetWare has many security features to help secure the server and the network. The key areas of NetWare security include the following:

  • Resource access Resource access in NetWare is controlled, as is everything else related to security, through directory services. For a user to gain access to a network resourcewhether it be a file, directory, printer, or serverthe appropriate permissions must be applied through the directory. Permissions can be granted to the user, to a group to which the user belongs, or to an eDirectory container object in which the user resides. Rights to objects can be inherited or gained from other user IDs through a process called security equivalence.

  • User authentication As with the other network operating systems, accessing a NetWare server and network resources requires a username and password combination. To log on to a NetWare server, the context of the user must also be specified and, in some instances, the name of the eDirectory or NDS tree must also be provided. Context is a term used to refer to the location of an object, in this case the user object, in the eDirectory tree. Without the correct context, the security subsystem is unable to identify the correct user ID and does not grant access to the server. Because the context can be quite complex and the tree name is generally not used except at the point of login, it's common practice to configure users' workstations to default to a certain tree and context rather than requiring them to provide this information. This way, a user needs to provide only a username and password.

  • File and directory security NetWare provides a very comprehensive file and directory permissions system, which allows rights to be assigned to users, groups, and other directory services objects. Rights are inheritable, which means that rights assigned at one file system level flow down through the structure until they reach the end of the file system tree, unless they are countered by an inherited rights mask or by an explicit trustee assignment. Much the same process is used to manage and assign rights within the eDirectory tree, although the actual set of rights that can be assigned is different.

The NetWare console can and should be locked for security purposes. You can lock the NetWare console by using a utility called scrsaver, which you run from the server command line.

With the proliferation of Microsoft Windows server platforms, you might not actually get to work with a NetWare server. But if you do, you'll find that there is good reason why NetWare was king of the network operating system hill for so long.