IT Baseline Protection Manual - Chapter 6.6 Novell Netware 4.x
6.6 Novell Netware 4.x
Description
The object under consideration is a Novell Netware 4.x
network operating system (with a focus on Netware 4.11).
Novell Netware is operated on PC servers and essentially
provides the following infrastructure services in a network:
authentication, directory service, file service, printing and
logging. The subject of this chapter is the Novell 4.x
network in a client-server function. Thus, this chapter is a
supplement to chapter 6.1 and is operating-system specific.
A central aspect of the Novell Netware 4.x operating system is the distribution of the central database of
the NDS (Novell Directory Services) - irrespective of any specific server systems - across the network,
and an object-oriented approach towards the management of all elements in a homogeneous operating-system
environment.
The functionality of Novell Netware add-on products such as DHCP, WEB Server and WAN
Connectivity are also considered.
Remarks:
names of files and programs are always presented in italics (e.g. SYS:PUBLIC\NWADMIN.EXE).
Threats and corresponding safeguards have been specified using Novell version 4.11 as a basis. Due
to the presence of various patch levels in the network operating-system and/or due to different
developments between Netware 4.10 and Netware 4.11, not all threats might apply to every variant of
Novell Netware 4.x. If necessary this will be explicitely pointed out or marked in the text.
Threat Scenario
The following typical threats are assumed as regards IT baseline protection of Novell Netware Version 4.x:
T 5.59 Misuse of administrator rights in the Novell Netware network
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules") as described in chapters 2.3 and 2.4, is recommended.
For networked PCs, the safeguards described in chapter 5 should be implemented. Bear in mind that
these safeguards only concern the properties of Novell Netware 4.x. and that these, and the general
network security safeguards described in chapter 6.1 "Server-supported network", complement one
another.
The following measures are recommended in addition:
Infrastructure:
S 1.28 (1) Local uninterruptable power supply (ups)
S 1.42 (1) Secure siting of Novell Netware servers
Organisation:
S 2.102 (2) Relinquishing activation of the remote console (optional)
S 2.147 (1) Secure migration of Novell Netware 3.x servers to Novell Netware 4.x networks
S 2.148 (1) Secure configuration of Novell Netware 4.x networks
S 2.149 (2) Secure operation of Novell Netware 4.x networks
S 2.150 (1) Auditing of Novell Netware 4.x networks