Novell GroupWise System Security
(Last modified: 07Oct1999)
This document (2954214) is provided subject to the disclaimer at the end of this document.
Issue
Novell GroupWise System Security
Overview
This document provides information on GroupWise security and
encryption. System security is based on the Network Operating
System, GroupWise encryption and compression, encrypted
communication between the GroupWise Client and Agents, and
encrypted communication between the workstation and the network.
If desired, message security can be enhanced further through the
use of security certificates which allow digital signatures and
additional encryption.
1. Network Operation System
GroupWise system security begins at the network server.
Access to the GroupWise 4.x and 5.x Message Stores is
controlled by the network administrator through the Network
Operating System and is therefore is as secure as the NOS
it is running on. GroupWise 5.x leverages the strength of
Novell Directory Services to authenticate users to the
network.
File system access to the Message Store varies according to
the version of GroupWise being used and the client access
method desired.
a. In Client/Server mode, available in GroupWise 5.0 and
later, users do not need any file system rights to the
Message Store.
b. In Direct Access mode, used in GroupWise 5.2 and
earlier, file system rights are necessary for some
areas of the GroupWise Post Office. A store-and-
forward messaging system such as GroupWise requires a
set of directories on the network file server for
storing and queuing messages. Storage directories,
referred to as the Message Store, contain the message
and user databases, attachment files and may contain
Document Libraries. Queue directories contain message
files in transit. Details on assigning file system
access rights are found in the GroupWise
Administration Guides available online at
http://www.novell.com/groupwise/administration/
gwadmin.html.
i. GroupWise 4.1, 5.0, 5.1 and 5.2 Standard
Configuration - Requires "read," "write,"
"create," "modify" and "file scan" rights to the
Message Store and queue directories in the Post
Office.
ii. GroupWise 4.1, 5.0, 5.1 and 5.2 Server Always
Configuration - Requires "read" and "file scan"
rights to the Message Store and "read," "write,"
"create" and "erase" rights to the queue
directories in the Post Office.
Whenever a message is sent within the GroupWise
system, the following actions must take place in
the storage directories to record and deliver
that message:
(1) The message is placed in sender's message
database
(2) The pointer to message is placed in
sender's user database
(3) The message is placed in recipient's
message database
(4) The pointer to message is placed in
recipient's user database.
The difference between the two possible
GroupWise configurations, Standard and Server
Always, is simply which application performs the
above actions. The sender's client application
can perform all the actions listed above under
the Standard configuration, while only the
GroupWise Post Office Agent (OFS/POA) can
perform these actions under the Server Always
configuration.
The Standard configuration provides optimal
performance in GroupWise 4.1 but requires that
all users have the "create" and "modify" network
access rights to the Message Store in addition
to the "read" right. With the Server Always
configuration, users need only the "read"
network access right to the Message Store
because all database modification and file
creation is done by the Post Office Agent
(OFS/POA). However, performance will obviously
not be as good as under the Standard
configuration because one application (the Post
Office Agent) is doing much of the work normally
done by multiple applications (the client
applications run by end users).
Both configurations protect the databases from
accidental or intentional deletion. Users do not
need the "delete" right to the Message Store.
Please note that the Message Store databases are
much more susceptible to damage in the Standard
configuration than in Server Always.
2. GroupWise Encryption and Compression
To maintain the integrity of the GroupWise security system,
this document obviously will not include detailed specifics
of the encryption and decryption methods used. The intent
is to describe the encryption/decryption process at an
appropriate level of detail to ensure your confidence in
the security system.
GroupWise 4.1 uses proprietary, single-key (symmetric)non-
linear encryption schemes, which have been approved by the
U.S. Department of Commerce, to safeguard all sensitive
information in storage or in transit within the messaging
system. GroupWise 5.x builds on this foundation with
enhancements made to encryption of attachment data and adds
data compression. The encryption key used varies depending
on the component being encrypted and the GroupWise Agent or
process performing the encryption.
A user's encryption key is randomly generated when the user
is defined. The key is generated in such a way that the
same key cannot be duplicated by redefining the user with
the same information in a different system. This prevents a
malicious user from copying the Message Store and then
attempting to create a mirror system by redefining the
users to recreate their encryption keys.
It is also important to note that information is encrypted
in such a way that one piece of information is encrypted
differently from the next, even when using the same
encryption key. This encryption method makes it nearly
impossible to try to establish an encryption pattern by
inspecting files before and after they are encrypted. It
also serves as a strong deterrent because each piece of
information is a completely separate decryption project.
The GroupWise directory and Message Store, as well as other
databases used by some GroupWise Gateways are encrypted.
Listed below are the four basic database types used and a
brief description of each:
|==============|=====================================|
| Database | Description |
|==============|=====================================|
| Domain | Contains user directory and system |
| Database | configuration information |
|--------------|-------------------------------------|
| Post Office | Contains user directory |
| Database | |
|--------------|-------------------------------------|
| Message | Contains all messages (sent and |
| Database | received) for users at a specific |
| | Post Office |
|--------------|-------------------------------------|
| User | Contains all information for a |
| Database | specific user, including the user's |
| | password, preference settings, |
| | pointers to messages, folder |
| | structure, and personal calendar |
| | items |
|====================================================|
3. Encrypted Communication Between the GroupWise Client and
Agents
In addition to the Directory and Message Store, message
files are encrypted whenever they are in transit or stored
separately outside of the Message Store. All communication
between the GroupWise Client and the file system in the
case of Direct Access, or the Post Office Agent in the
case of Client/Server, is encrypted before it leaves the
Client and is transmitted to the network. This applies
also to the GroupWise Remote Client whether it is
communicating with a GroupWise Agent or the Async Gateway.
4. Encrypted Communication Between the Workstation and the
Network
With NetWare 5 and the NetWare 5 Client, several levels of
encryption can be implemented between the workstation and
the server independent of GroupWise.
5. Security Certificates
With the GroupWise 5.5 Enhancement Pack Client and later,
you can use security certificates that allow digital
signatures and provide additional encryption. GroupWise is
compatible with the S/MIME version 2 specification. The
security service providers that GroupWise supports have
common encryption algorithms such as RC2 and RC4. When
digitally signing an item, GroupWise hashes the item into a
message digest using the standard algorithm SHA-1. The
message digest is distributed with the item being sent.
Summary
This combination of authentication, encryption, and write access
technology allows the system administrator to make the messaging
system as secure as possible.
As security, public key/private key encryption, and
authentication standards continue to evolve, GroupWise supports
methods for secure access of data and information that most
completely meet the needs of our customers. To that end, Novell
is committed to standards organization work surrounding these
security topics just as it is in all other applicable
standards-based discussions.
document
| Document Title: | Novell GroupWise System Security |
| Document ID: | 2954214 |
| Creation Date: | 07Oct1999 |
| Modified Date: | 07Oct1999 |
| Revision: | 1 |
| Novell Product Class: | Groupware |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.