NetWare Enhanced Security Administration


Introduction

This NetWare Enhanced Security Administration manual describes how server administrators install, configure, maintain, and audit individual NetWare® Enhanced Security servers and the combined NetWare Enhanced Security network system.

This manual is written for administrative staff (supervisors, administrators, operators, and auditors) of evaluated NetWare Enhanced Security servers. It is not intended to be distributed to nonadministrative network users.

The purpose of this document is to:

This manual addresses the recommended content of the Guidelines for Writing Trusted Facility Manuals [NCSC-TG-016] but, as described in Paragraph 1.3 of that manual, presents the information in a different order and format than the recommended outline.

NOTE:  In Novell® documentation, an asterisk denotes a trademarked name belonging to a third-party company. Novell trademarks are denoted with specific trademark symbols, such as TM.


Product Overview

NetWare Enhanced Security is a distributed network operating system made up of four types of network components: servers, workstations, interconnections (routers, bridges, and repeaters), and network media.

The evaluated server component described in this document may serve any number of workstations, limited only by software license restrictions.

The server component contains a Network Trusted Computing Base (NTCB) partition, which is used to enforce the security policies and protect data stored on the server. The evaluated server component must not be used to run untrusted software.

As a network system composed of these four components, NetWare Enhanced Security is designed to meet the Controlled Access implementation (Class C2) requirements of the Trusted Network Interpretation (TNI) [NCSC-TG-005] of the Trusted Computer System Evaluation Criteria (TCSEC) [DoD5200.28-STD].

The evaluated server is an IAD component as defined in Appendix A of the TNI.


Manual Overview

This manual contains supplementary trusted facility information (such as notes and warnings) for Novell's existing NetWare 4.11 administrative manuals. The NetWare 4.11 administrative manuals that are necessary when running a trusted network facility include:

Concepts

Describes the terms and concepts necessary to understand NetWare networking.

Guide to NetWare 4 Networks

Contains an overview of Novell Directory Services (NDS) technology features and planning information necessary for the installation of NDS.

NetWare 4 Installation

Describes the installation of a NetWare 4.11 server.

Supervising the Network

Includes procedures for managing Novell Directory Services (NDS) technology, managing the file system, maintaining the server, auditing the network, backing up network data, and performing troubleshooting.

It is the primary document that describes the procedures involved in running a trusted network facility.

Utilities Reference

Contains manual pages for the server console commands and client utilities.

Print Services

Describes the configuration, management, and use of NetWare's print services.

System Messages

Contains system and error messages for NetWare 4.11.

If you are installing a server for the first time, refer to printed instructions (enclosed with the distribution media) for installing the viewer and documentation on a standalone system.

WARNING:  Do not install NetWare Enhanced Security on a server without reviewing the online documents described above. This manual is not a standalone document. You must read both the online documentation and the supplementary data in this document.

Because this manual contains supplementary information for an existing document set, it follows the organization of that document set and does not directly follow the outline suggested by [NCSC-TG-016].

This manual contains the following chapters.

Thus, the TNI requirements for a trusted facility manual are satisfied by this manual, along with the corresponding NetWare documentation.

In addition, the following document is necessary to securely configure and run a trusted network:

Novell World Wide Web site

Updates to this manual and other NetWare Enhanced Security documentation can be found in the Technical Support area of the Novell, Inc. World Wide Web site (http://www.novell.com). We recommend that you check this area regularly for updated NetWare Enhanced Security information.

NetWare Enhanced Security Server (NetWare 4.11)

Describes the individual hardware devices (mother boards, storage media and controllers, network controllers, and printers) and NetWare Loadable Module (NLM) software that is permitted in an evaluated server configuration.

Security Features User Guide (NetWare 4.11)

Describes the network security features as they apply to end users.

Auditing the Network (NetWare 4.11)

Describes the Auditcon utility, lists auditable events, and provides instructions for network auditing.


Terms and Acronyms

The following terms and acronyms are used throughout this document.

ACL

Access Control List

DOS

Disk Operating System

FSO

File System Object

IPX

Internetwork Packet Exchange (Novell)

LAN

Local Area Network

NetWare

Novell's commercial network operating system

NDS

Novell Directory Services

NLM

NetWare Loadable Module

NTCB

Network Trusted Computing Base

PCP

Printer Communication Protocol. The SPX-based protocol used to communicate the contents of a print job between a NetWare Enhanced Security print server and a NetWare Enhanced Security print driver.

PSSCP

Print Server Status and Control Protocol. The SPX-based protocol used by NetWare Enhanced Security clients to configure NetWare Enhanced Security print servers, and used by NetWare Enhanced Security print drivers to establish their availability to NetWare Enhanced Security print servers.

Public object

An object that is readable by all untrusted subjects, and writable only by privileged users or subjects.

SMS

Storage Management Services

SPX

Sequenced Packet Exchange (Novell) protocol

NetWare Enhanced Security

Novell's TCSEC Class C2 trusted network operating system