6.6 Novell Netware 4.x

Description

The object under consideration is a Novell Netware 4.x network operating system (with a focus on Netware 4.11). Novell Netware is operated on PC servers and essentially provides the following infrastructure services in a network: authentication, directory service, file service, printing and logging. The subject of this chapter is the Novell 4.x network in a client-server function. Thus, this chapter is a supplement to chapter 6.1 and is operating-system specific.

A central aspect of the Novell Netware 4.x operating system is the distribution of the central database of the NDS (Novell Directory Services) - irrespective of any specific server systems - across the network, and an object-oriented approach towards the management of all elements in a homogeneous operating-system environment.

The functionality of Novell Netware add-on products such as DHCP, WEB Server and WAN Connectivity are also considered.

Remarks:

• names of files and programs are always presented in italics (e.g. SYS:PUBLIC\NWADMIN.EXE).
• Threats and corresponding safeguards have been specified using Novell version 4.11 as a basis. Due to the presence of various patch levels in the network operating-system and/or due to different developments between Netware 4.10 and Netware 4.11, not all threats might apply to every variant of Novell Netware 4.x. If necessary this will be explicitely pointed out or marked in the text.

Threat Scenario

The following typical threats are assumed as regards IT baseline protection of Novell Netware Version 4.x:

Force Majeure:

• T 1.2 Failure of the IT system

Organisational Shortcomings:

• T 2.33 Siting of Novell Netware Servers in an insecure environment
• T 2.34 Absence of or inadequate activation of Novell Netware safeguards
• T 2.42 Complexity of the NDS
• T 2.43 Migration of Novell Netware 3.x to Novell Netware Version 4

Human Failure:

• T 3.8 Improper use of the IT system
• T 3.25 Negligent deletion of objects
• T 3.26 Inadvertent sharing of the file system
• T 3.27 Improper time synchronisation

Technical Failure:

• T 4.1 Disruption of power supply

Deliberate Acts:

• T 5.23 Computer viruses
• T 5.43 Macro viruses
• T 5.55 Login Bypass
• T 5.56 Temporary free-access accounts
• T 5.57 Network analysis tools
• T 5.58 "Hacking Novell Netware"
• T 5.59 Misuse of administrator rights in the Novell Netware network

Recommended Countermeasures (S)

For the implementation of IT baseline protection, selection of the required packages of safeguards ("modules") as described in chapters 2.3 and 2.4, is recommended.

For networked PCs, the safeguards described in chapter 5 should be implemented. Bear in mind that these safeguards only concern the properties of Novell Netware 4.x. and that these, and the general network security safeguards described in chapter 6.1 "Server-supported network", complement one another.

The following measures are recommended in addition:

Infrastructure:

• S 1.28 (1) Local uninterruptable power supply (ups)
• S 1.42 (1) Secure siting of Novell Netware servers

Organisation:

• S 2.102 (2) Relinquishing activation of the remote console (optional)
• S 2.147 (1) Secure migration of Novell Netware 3.x servers to Novell Netware 4.x networks
• S 2.148 (1) Secure configuration of Novell Netware 4.x networks
• S 2.149 (2) Secure operation of Novell Netware 4.x networks
• S 2.150 (1) Auditing of Novell Netware 4.x networks
• S 2.151 (1) Design of an NDS concept
• S 2.152 (2) Design of a time synchronisation concept
• S 2.153 (1) Documentation of Novell Netware 4.x networks

Hardware/Software:

• S 4.102 (2) C2 security under Novell 4.11 (optional)
• S 4.103 (1) DHCP server under Novell Netware 4.x (optional)
• S 4.104 (2) LDAP Services for NDS (optional)

Contingency Planning:

• S 6.55 (2) Reduction of restart times for Novell Netware servers