21.1 Overview of OES Security Services

This section provides overview information for the following key OES components:

  • Application Security (AppArmor)

  • Auditing

  • Encryption (NICI)

  • General Security Issues

For more authentication and security topics, see the OES online documentation.

21.1.1 Application Security (AppArmor)

Novell® AppArmor® provides easy-to-use application security for both servers and workstations. You specify which files a program can read, write, and execute.

AppArmor enforces good application behavior without relying on attack signatures and prevents attacks even if they are exploiting previously unknown vulnerabilities.

For more information, see the Novell AppArmor Documentation Web site.

21.1.2 Auditing

OES 2 NetWare® includes Nsure™ Audit 1.0.3 Starter Pack, and the applicable documentation is included in the OES documentation set. For direct links to the documentation included with OES 2 NetWare, see the auditing topics in the OES online documentation.

OES 2 Linux does not include an audit starter pack. However, the Novell Audit 2.0 Starter Pack is supported on OES 2 Linux and is available for download at no cost from the Novell Download Site. Documentation for Novell Audit 2.0 is available on the Novell Documentation Web site.

21.1.3 Encryption (NICI)

The Novell International Cryptography Infrastructure (NICI) is the cryptography service for Novell eDirectory™, Novell Modular Authentication Services (NMAS™), Novell Certificate Server™, Novell SecretStore®, and TLS/SSL.

Key Features

NICI includes the following key features:

  • Industry standards: It implements the recognized industry standards.

  • Certified: It is FIPS-140-1 certified on selected platforms.

  • Cross-platform support: It is available on both OES platforms.

  • Governmental export and import compliance: It has cryptographic interfaces that are exportable from the U.S. and importable into other countries with government-imposed constraints on the export, import, and use of products that contain embedded cryptographic mechanisms.

  • Secure and tamper-resistant architecture: The architecture uses digital signatures to implement a self-verification process so that consuming services are assured that NICI has not been modified or tampered with when it is initialized.

Never Delete the NICI Configuration Files

In the early days of NICI development, some NICI problems could be solved only by deleting the NICI configuration files and starting over. The issues that required this were solved years ago, but as is often the case, the practice persists, and some administrators attempt to use this as a remedy when they encounter a NICI problem.

No one should ever delete the NICI configuration files unless they are directly told to do so by a member of the NICI development team. Even in that rare case, they should be sure to back up the files before deleting them. Without that backup, restoring NICI is impossible.

More Information

For more information on how to use NICI, see the Novell International Cryptographic Infrastructure (NICI) 2.7x Administration Guide.

21.1.4 General Security Issues

In addition to the information explained and referenced in this section, the OES online documentation contains links to “General Security Issues”.