
Appendix


01 Apr 1994


Appendix A: NetWare 4 Feature Comparison

NetWare 4 is the most advanced and powerful network operating system available today. This release represents the ninth generation of NetWare development. It adds a whole new dimension to network computing, extending network services and making network management easier than ever.

For critical business data to be viably handled on a network, the underlying platform must be robust enough to handle network-wide administration and management. It must also provide ample security to protect sensitive corporate information.

NetWare 4 allows better management control, easier maintenance, and more flexible security options than any other network operating system currently available. It is the ideal platform for today's sophisticated networking needs, and it will continue to support those needs as network computing evolves in the future.

This appendix provides a comparison of NetWare 3.12 and NetWare 4 features.

NetWare Feature Comparison

Figure 1 provides a comparison of features common to NetWare 4 and NetWare 3.12, as well as a listing of many features new with NetWare 4.

Figure 1: Feature comparison between NetWare 4 and 3.12.


| FEATURE | NetWare 4 | NetWare 3.12 |
| --- | --- | --- |
| OPERATING SYSTEM ARCHITECTURE | | |
| Maximum number of user connections per server | 1000 | 250 |
| User configuration (stratification) | 5, 10, 20, 50, 100, 250, 500, 1000 | 5, 10, 20, 50, 100, 250 |
| Maximum number of server connections per client workstation | 50 (configurable in client VLM) | 8 |
| Object-based global naming service | Yes (NetWare Directory Services) | No |
| Single login to network | Yes | No |
| MEMORY AND DISK REQUIREMENTS | | |
| Minimum server memory requirements | 6 MB | 4 MB |
| Optional Ring 3 memory protection | Yes | No |
| Dynamic Ring 3 reinitialization on failure | Yes | No |
| Continuous Ring 0 operation on Ring 3 fail | Yes | No |
| Hard disk space used by operating system | 12 to 60 MB | 9 MB |
| FILE SYSTEM AND STORAGE | | |
| Read-ahead cache | Yes | No |
| Intelligent data compression | Yes | No |
| Support for data migration hardware (optical jukebox, read/write optical, and so on) | Yes | No |
| Real-time Data Migration - High Capacity Storage System (HCSS) | Yes | No |
| NETWORK SECURITY | | |
| Restrict login to specific Medium Access Control addresses | Yes (optional) | No |
| Compression directory and file attribute | Yes | No |
| Migration directory and file attribute | Yes | No |
| AUDITCON SECURITY AUDITING | | |
| File system auditing | Yes | N/A |
| NDS event auditing | Yes | N/A |
| Independent network auditor | Yes | N/A |
| Independent auditor password | Yes | N/A |
| Multiple auditors | Yes | N/A |
| Audit user security transactions | Yes | N/A |
| Audit user file transactions | Yes | N/A |
| Audit supervisor transactions | Yes | N/A |
| Audit file creation statistics | Yes | N/A |
| Audit directory creation statistics | Yes | N/A |
| Audit volume statistics | Yes | N/A |
| Transaction logs | Yes | N/A |
| Filter transaction logs | Yes | N/A |
| Transaction monitoring/automatic log updates | Yes | N/A |
| NETWORK MANAGEMENT | | |
| Determine who has console/supervisor privileges | Yes | No |
| View console operation status | Yes | No |
| View supervisor equivalent status | Yes | No |
| View hierarchical Directory tree | Yes | No |
| Remote console session security | Yes | No |
| Remote console modem callback | Yes | No |
| NETWARE DIRECTORY SERVICES | | |
| Maximum number of tree levels | 15 | N/A |
| Object oriented | Yes | N/A |
| Directory object creation (user, volume, alias, organization, print server, queue, printer group, computer, directory map, bindery objects, and so on) | Yes | N/A |
| Extensible schema (set of objects and attributes) | Yes (programmed) | N/A |
| Maximum number of attributes per object | Unlimited (default set of attributes per object type) | N/A |
| Maximum length of attribute fields | Unlimited | N/A |
| Partition database | Yes (logical subtree) | N/A |
| Physical location of partitions | One or more servers | N/A |
| User-definable partitions | Yes | N/A |
| Partitions replicated across multiple servers | Yes | N/A |
| Root partition replicated | Yes | N/A |
| Read-only partitions | Yes | N/A |
| Read/Write partitions | Yes | N/A |
| Background authentication | Yes | N/A |
| Background synchronization | Yes | N/A |
| Protocol independent | Yes | N/A |
| Unicode enabled | Yes | N/A |
| External name service synchronization | Yes | N/A |
| Object and property access rights (add, delete, rename, move, read, compare, list, modify, browse) | Yes | N/A |
| Name searching (white paging) | Yes | N/A |
| Topical searching (yellow paging) | Yes | N/A |
| TIME SYNCHRONIZATION | | |
| International time zone support | Yes | No |
| Daylight Savings Time support | Yes | No |
| User-configurable time synchronization | Yes | No |
| Single reference time server | Yes (optional use of external atomic clock) | No |
| Multiple primary time servers | Yes | No |
| Multiple secondary time servers | Yes | No |
| BACKUP SERVICES | | |
| Workstation backup | Yes (DOS, OS/2) | No |
| NETWORK PRINTING | | |
| Maximum shared printers per print server | 256 | 16 |
| RAM used on workstation-attached network printer | 4,976 bytes (parallel); 5,488 bytes (serial) | 4-20 KB |
| NETWORK UTILITIES | | |
| Approximate number of utilities | 50 (consolidated) | 130 |
| IMAGING (Optional Service) | | |
| Attribute search | Yes | No |
| Image manipulation | Yes | No |
| Distributed data migration (Mass Storage System - MSS) | Yes | No |
| Image compression | Yes | No |
| Content document architecture | Yes | No |
| APPLICATION PROGRAM INTERFACES (APIs) | | |
| Image Enabled NetWare (optional Kodak services) | Yes | No |
| Hierarchical storage (data migration) | Yes | No |
| Document management services | Yes (post 4.0 release) | No |
| COMMUNICATION PROTOCOLS | | |
| Large Internet Packet (LIP) | Yes | Yes |
| CLIENT SUPPORT AND INTEROPERABILITY | | |
| DOS | 7 | |
| Modular client "requester" architecture | Yes (VLM) | Yes (VLM) |
| Number of files stored on a DOS workstation by the network operating system | 20 (4 plus 16 optional VLMs) | 20 (4 plus 16 optional VLMs) |
| Conventional memory (640KB area) used (Use of XMS/EMS supports built in; small footprint when used) | 53KB (requester, IPXODI, LSL, LAN driver) | 53KB (shell, IPXODI, LSL, LAN driver) |
| Additional conventional memory used with packet burst (Use of XMS/EMS supports built in; small footprint when used) | 53KB | 53KB |
| Extended memory support | Yes | Yes |
| LPT ports on client | LPT1 - LPT9 (VLMs support) | LPT1 - LPT3 |
| Windows | | |
| Windows 3.0 NetWare Tools | Yes (expanded user tools) | Yes (basic user tools only) |
| Windows 3.1 NetWare Tools | Yes (expanded user and admin. tools) | Yes (basic user tools only) |
| Packet burst included with Windows client | Yes (requester) | Yes (requester) |
| Load client software after Windows | Yes | Yes |
| Login under Windows | Yes | Yes |
| UNIX | | |
| NeXT workstation support | Yes | No |
| CLIENT UTILITIES FOR NETWARE ADMINISTRATION | | |
| Supported Platforms | | |
| Windows | Yes (3.1 only) | Yes (3.1 only) |
| OS/2 2.0 Presentation Manager (PM) | Yes | Yes |
| Supervisor Administrative Functions | | |
| Single administrative tool for network | Yes (Windows, PM) | No |
| File system (move, copy, trustees, salvage, rights) | DOS, Windows, PM | DOS, Windows |
| Directory services (create/delete objects; edit attributes) | DOS, Windows, PM | N/A |
| Search NDS Directory | DOS, Windows, PM | N/A |
| Move objects in Directory Services tree | DOS, Windows | N/A |
| Directory Services security | DOS, Windows, PM | N/A |
| Directory Services partition management | DOS, Windows | N/A |
| Printing (queues, printers, print servers) | DOS, Windows | DOS, Windows |
| End User Tools | | |
| Change/Set Directory Services context | DOS, Windows, PM | N/A |
| Browse Directory Services | DOS, Windows, PM | N/A |
| User tools work with both bindery and Directory Services | DOS, Windows, PM | N/A |
| Change file rights and attributes | DOS, Windows, PM | DOS |
| Login | DOS, Windows, PM | DOS, Windows |
| Client install | DOS, PM | DOS |
| NETWORK INTERFACE CARD SUPPORT | | |
| Client | | |
| Ethernet default frame type | IEEE 802.2 | IEEE 802.2 |
| NDIS protocol stack supported (via ODINSUP) | Yes | Yes |
| Third-party drivers supported | Yes (approx. 150 included in box) | Yes (Novell drivers only included in box) |
| Server | | |
| Ethernet default frame type | IEEE 802.2 | IEEE 802.2 |
| Third-party drivers supported | Yes (approx. 150 included in box) | Yes (Novell drivers only included in box) |
| DOCUMENTATION | | |
| Available on CD-ROM | Yes | Yes |
| Windows-based documentation viewer | Yes | Yes |

Security Product Vendor Information

From its inception, Novell has realized that strategic partnering is important to providing the customer full product line support. This is especially true in the area of network security and control. Because of the many components that make up a typical network, the user and network provider are confronted with many choices for security, covering everything from the client to the server. One could easily look at security solutions for the client workstation, the server, and the enterprise network and its many components. However, it is important to narrow the focus and judiciously choose products that serve individual needs.

Novell currently has a Security Strategic Alliance with the following companies:

  • American Telephone & Telegraph

  • Cordant, Inc.

  • Computer Associates

  • DATAMEDIA, Inc.

  • Digital Equipment Corporation

  • LAN Support Group, Inc.

  • Blue Lance, Inc.

  • ENIGMA LOGIC

  • HUGHES Aircraft Company

  • RAXCO

  • KPMG

  • Intrusion Detection, Inc.

  • MERGENT International, Inc.

  • SecureWare

  • SEMAPHORE Communications Corporation

  • TREND Micro Devices, Inc.

The following listing contains information on various security and auditing products that are currently available for use with NetWare 4. All of the products listed on the following pages are available for purchase and are in use by several major corporations (both in the U.S. and internationally).

Disclaimer: Novell neither endorses the listed products nor deems this list to be complete. This product listing is offered only as a sample of the variety of third-party products that are currently available to help you build a trusted NetWare 4 network environment.


ALADDIN Software Security Inc.
350 Fifth Ave, Suite 7204
New York, NY 10118

Tel: 800-223-4277, 212-564-5678
Fax: 212-564-3377

NetHASP

NetHASP - hardware key

Software protection through Hardware

Privacy & Authentication

Components - NetHASP hardware key and small software program.

Only one hardware key is needed to activate a protected program.

Installation of key not location bound.

Limits number of station accesses to software.

Limits number of activations permitted each program.

Protects up to 112 programs.

Full DOS & Windows support.

NetWare and Net-BIOS LAN protocol compatible.

Blue Lance, Inc.
1700 West Loop South, Suite 1100
Houston, Tx 77027
Attn: Satish Kinra

Tel: 713-680-1187
Fax: 713-622-1370

LT Auditor 4.0+

Novell 2.2, 3.11 NLM certified

Novell 4 Beta end of 1 QTR 1994

On-line auditing

Server Centric

Software Metering

Hardware Inventory

Configuration management

US Navy Standard

Cordant, Inc.
Information Security Division
11400 Commerce Park Drive
Reston, VA 22091-1508

Tel: 800-843-1132
Tel: 703-758-7000

Assure

Secures standalone and Novell workstations - under C2 evaluation at NCSC.

Assure Server

NLM that works in conjunction with Assure to provide end-to-end security in a NetWare environment.

Assure Basic

Secures standalone and Novell Workstations.

Hardware/Software-Based Security:

DOS and Windows PCs: Notebooks, Laptops, Desktops

Identification/Authentication

Discretionary Access Control

Object Reuse

Auditing

Boot Protection

Single Sign-On to NetWare

Public Key Encryption

Digital Signature Algorithm

SmartCard (NIST Certified)

Secure Communication

Automatic DES Encryption

Virus Prevention

NetWare Certified

Central Security Administration

NIC Checking

Attachment Auditing

Supervisor Notification

Non-Assure Workstation Lockout

Software-Based Security:

DOS and Windows PCs: Notebooks, Laptops, Desktops

Identification/Authentication

Discretionary Access Control

Object Reuse

Auditing

Boot Protection

Single Sign-On to NetWare

Public Key Encryption

Digital Signature Algorithm

SmartCard (NIST Certified)

Virus Protection

DATAMEDIA Corporation
20 Trafalgar Square
Nashua, NH 03063
Attn: SECUREcard Marketing

Tel: 603-886-1570
Fax: 603-598-8268
Info@datamedia.com

SECUREcard

SECUREcard/100

SECUREcard/200

SECUREcard/300

SECUREcard/400

DOS & Windows PCs

Identification & Authentication (I&A)

Discretionary Access Control (DAC)

Auditing

Common Sign-On & Network Isolation

Central Site Administration

Personal Privacy & Security

Software based security for PCs.

Option for smart card I&A and hardware enhanced protection.

Hardware add-in controller board. Configuration control, token based I&A and network isolation.

Combination of 200/300 features to provide Workstation Security beyond C2.

ENIGMA LOGIC
2151 Salvio Street, Suite 301
Concord, CA 94520
Tel: 510-827-5707
Fax: 510-827-2593
Attn: John R. Muir

SafeWord for Novell

Dial-Up & Access Control

User Authentication via non-replayable "dynamic" passwords

DES based password "token" (handheld cards)

Multi-vendor token compatible

Audit

Compatible with NetWare 2.x, 3.x, UNIX, MVS, VMS, and MS-DOS

Intrusion Detection, Inc.
217 East 86th Street, Suite 213
New York, NY 10028
Attn: Robert Kane

Tel: 212-360-6104
Fax: 212-427-9185

The Kane Security Analyst

Knowledge-based NetWare Windows GUI Security testing

LAN Support Group, Inc.
2425 Fountain View Dr, Suite 390
Houston, Tx 77057
Attn: David Pulaski

Tel: 800-749-8439
Tel: 713-789-0881
Fax: 713-977-9111

Bindview+

NCS Console

SIM - Server Information Module

WAM - Workstation Asset Management

LAN Management, Audit, Security/Control Package.

NetWare 2.x, 3.x certified

NetWare 4 Bindery compatible

Extensive Data Gathering & Reporting features.

Multi-format data presentation and capture - Spreadsheet, Database, Dossier

Broad Hardware & Software Inventory Module - Integrated into reporting facility

Auditor Traveling License available

4.0 Migration tool

NetWare 4.1 Beta 2nd. Qtr 1994

Server Auditing Module 2 QTR 1994

Rules-Based Security NLM 3 Qtr 1994

Standard for several Big 6.

Standard for Major money center banks.

MERGENT International
70 Inwood Road
Rocky Hill, CT 06067-3441

Tel: 203-257-4223
Fax: 203-257-4245
Attn: Kathleen Garlasco

Domain/DACS

Net/DACS

SSO/DACS

Centralized security management.

Includes PC/DACS for DOS, which secures point of entry and provides access control, encryption, boot protection, time out, virus protection and more.

Supports all popular LANs.

Provides audit controls.

Transparent to end-user.

Supports DOS and Windows PCs.

Supports Novell NetWare (all versions)

Includes PC/DACS for DOS

Integrates PC/DACS security with NetWare's security.

Provides audit controls.

Peer-to-Peer Administration

Single-Sign-On to network.

Transparent to end-user.

Supports DOS & Windows.

Multi-platform Single-sign-on to any network or server.

Reduces or eliminates need for multi-passwords.

Password management.

Supports DOS & Windows.

Automate & customize sign-on.

NetWork Enhancement Tools, Inc. (NETinc)
20218 Bridgedale Lane
Humble, Tx 77338

Tel: 713-446-2154
Fax: 713-540-8652

NETMenu™

NETMenu LAN Toolkit

NETSentry™

Allows only trusted users and groups to shell out

True access control (local and remote)

Create multi-level security

Audit user activities

Software license metering and control

Screen blanking with NetWare encrypted password control

Automatic log outs and log ins

Unlimited users per server license

DOS and Windows support

Over 70 programs in a neat package

LAN administrator's helper

Logout inactive users with knowledge of their operating environment

Secure idle workstations

Easy administration

Exception handling

Orderly shutdown capability

Fully configurable PCX screen blankers

Third-party screen blankers supported

Full-featured audit trail listing

NetWare compatible

Customizable

DOS and Windows support

Encrypted password supported

SEMAPHORE Communications Corporation
2040 Martin Avenue
Santa Clara, CA 95050

Tel: 408-980-7750
Fax: 408-980-7769

Network Security System (NSS)

Network Encryption Unit (NEU)

Network Security Center (NSC)

Node to Node and Site-to-Site data transmission security.

Supports: (a) all popular LAN protocols at Network Layer; (b) all variants of NetWare Data Link Layer encapsulation; (c) simultaneous Layer 2/Layer 3 traffic.

Using RSA and DES, provides: Authentication; Access Control; Key Management; Encryption.

User Operations unchanged.

Works with existing LAN/WAN configurations.

Cross-vendor products unaffected.

Scaleable to very large networks.

Operates at full Ethernet bandwidth.

TREND Micro Devices, Inc.
2421 West 205th Street, Suite D-100
Torrance, Ca 90501-1462

Tel: 310-782-8190
Fax: 310-328-5892

StationLock

StationLock LANPack

Hardware plug and play security card.

Virus protection

Access Control

Recovery Control

Resource Management

Encryption to DOS workstations

Audit trail

Central Site Administration & Authentication

NetWare 4 Commands for Auditors

The following NetWare 4 commands can be used to assist auditors in obtaining information to produce initial documentation for a single server running the NetWare 4 operating system. These commands will help gather pertinent information for understanding the audit reports produced by AUDITCON.

For scripts that can be used on the NetWare 2 and 3 operating system versions, please refer to the Novell Cooperative Research Report titled NetWare Security: Configuring and Auditing a Trusted Environment. For additional details on these commands, and on others whose options may be useful to someone managing or auditing the security of the system, see the NetWare 4 Utilities Reference Manual and the NetWare 4 Concepts Manual.

The NVER Command

Purpose: Used to determine the version of software running on your server and workstation.

Syntax: NVER

Information Provided:

  • Link Support Layer
  • LAN Drivers
  • Protocol Stack
  • IPX API Version
  • SPX API Version
  • VLM
  • Attached Servers
  • File Server Operating System Version
  • Workstation Operating System

Example Command and Output:

F:\>NVER
DOS:	V5.00

Link Support Layer:	Version 2.01

Lan Drivers:	
Board 1:	Xircom Pocket Ethernet Adapter III
	Version:		1.04
	Frame type:		ETHERNET_802.3
	Maximum frame size:	1514 bytes
	Line speed:		10 Mbps
	Interrupt number:	7
	Port number:		0378-037a
	Node address:		[80C72EA562]

Protocol Stack:	
	Description:		IPX Internetwork Packet Exchange
	Version:		2.11
	Network address:	[01030000]
	Binding Information:	Board 1  Protocol ID = 0

	IPX API version:	3.30
	SPX API version:	3.30

	VLM: Version 1.02 Revision A using Extended Memory

Attached file servers:

Server name:  GEORGIE
Novell NetWare 4.01 (July 12, 1993)

Server name:  DBDUDE
Novell NetWare 4.01 (July 12, 1993)

The NLIST SERVER /B Command

Purpose: Used to view a list of the bindery servers on your internetwork and information about those servers.

Syntax: NLIST SERVER /B

Information Provided:

  • List of active NetWare servers known to attached server
  • The server network address
  • The server network node
  • The status of user's connection to active server

Example Command and Output:

F:\>NLIST SERVER /B

Object Class: server
Known to Server: GEORGIE
Active NetWare Server =	The NetWare Server that is currently running
Address	= The network address
Node		= The network node
Status	= The status of your connection

Active NetWare Server	Address		Node		Status
---------------------------------------------------------
311TEST			[ 1084117]	[      1]
386-CLASS3		[ 1CAFFCA]	[      1]
386-CLASS3A		[ 1CAFFFC]	[      1]
GEORGIE			[2BC97DB9]	[      1]	Default
SVE-ASYNC		[C1FF4035]	[      1]        
SVE-CM			[C1F0003C]	[      1]        
SVL-ADMIN		[C0054141]	[      1]        
YOICKS			[ 1FD03D1]	[      1]        
ZAUGG_DOUGLAS_A		[ 110DDDD]	[      1]        
A total of 9 server objects was found.

The NLIST SERVER Command

Purpose: Used to view a list of servers within the current NDS context.

Syntax: NLIST SERVER

Information Provided:

  • The current NDS context
  • The NetWare server name located in the context
  • The server network address
  • The server network operating system version
  • The network operator

Example Command and Output:

F:\>NLIST SERVER

Searching:	O=DBMAIN
Object Class:  server
Current context: O=DBMAIN
NetWare Server= The server name
Address       = The network address
Version       = The server version
Operator      = The network operator

NetWare Server	Address		Version		Operator
-------------------------------------------------------- 
CN=DBDUDE	[2C741194]	Novell		Net
CN=DB2		[2C73CE22]	Novell		Net
CN=DB1		[2C73CE26]	Novell		Net
CN=GEORGIE	[2BC97DB9]	Novell		Net
CN=SRD		[ 10302FF]	Novell		Net
CN=PRV-MAIL-SERV[ 1FFBA94]	Novell		Net
CN=mba		[ 1030202]	Novell		Net
A total of 7 server objects was found in this context.
A total of 7 server objects was found.

The NDIR /VOL Command

Purpose: Used to view information about the default or pathed volume.

Syntax: NDIR [path] /VOL

Information Provided:

  • The file server and volume located in the path.
  • The total volume space (in kilobytes).
  • The space used by files (including file data, information in the File Allocation Table, and information in the directory table).
  • Deleted space not yet purgeable.
  • The space remaining on the volume.
  • The space available to the user.
  • Maximum directory entries.
  • Available directory entries.
  • Space used if files were not compressed.
  • Space used by compressed files.
  • Space saved by compressing files.
  • Uncompressed space used.

Example Command and Output:

F:\>NDIR /VOL
                            
Statistics for fixed volume GEORGIE/SYS:
Space statistics are in KB (1024 bytes).

Total volume space:			339,104  100.00%
Space used by 2,162 entries:		148,992   43.94%
Deleted space not yet purgeable:	      0    0.00%
                                       	----------------

Space remaining on volume:		190,112   56.06%
Space available to TODDH:		190,112   56.06%
 
Maximum directory entries:		 14,848
Available directory entries:		  7,118   47.94%

Space used if files were not compressed: 192,143
Space used by compressed files:		  67,683
                                          -------------
Space saved by compressing files:	124,460	64.77%

Uncompressed space used:		111,997

The NLIST VOLUME Command

Purpose: Used to view the file server volumes defined within the current NDS context.

Syntax: NLIST VOLUME

Information Provided:

  • The current NDS context.
  • The volume name located in the context.
  • The server where the volume is located.
  • The physical volume name.

Example Command and Output:

F:\>NLIST VOLUME

Searching:       O=DBMAIN
                 
Object Class: volume
Current context: O=DBMAIN
Volume name    = The name of the volume
Host server    = The server where the volume is located
Physical volume= The physical volume name

Volume Name        Server        Physical Volume
---------------------------------------------------------
CN=DBDUDE_SYS      DBDUDE        SYS
CN=DBDUDE_VOL1     DBDUDE        VOL1
CN=DB1_SYS         DB1           SYS
CN=DB2_SYS         DB2           SYS
CN=GEORGIE_SYS     GEORGIE       SYS
A total of 5 volume objects was found in this context.
A total of 5 volume objects was found.

The NDIR /DO /SUB Command

Purpose: Used to view all available information about the directories in the default or pathed directory.

Syntax: NDIR [path] /DO /SUB

Information Provided:

  • The file server and volume located in the path.
  • The directories contained in the path.
  • The directory's Inherited Rights Filter.
  • The user's Effective Rights to this directory.
  • The date the directory was created.
  • The ID of the user who created the directory.
  • The above for all sub-directories contained within each directory.

Example Command and Output:

F:\>NDIR H:\*.* /DO /SUB

NDIR is searching the directory.  Please wait...
Directories      = Directories contained in this path
Filter           = Inherited Rights Filter
Rights           = Effective Rights
Created          = Date directory was created
Owner            = ID of user who created or copied the file

DBDUDE/SYS:APPS\*.*
Dir	Filter	Rights	Created			Owner 
---------------------------------------------------------
WP60	[SRWCEMFA][SRWCEMFA] 8-19-93 7:53p	[Supervisor]
QP30	[SRWCEMFA][SRWCEMFA] 8-19-93 7:57p	[Supervisor]
             2  Directories


DBDUDE/SYS:APPS\WP60\*.*
Dir	Filter	Rights	Created			Owner
--------------------------------------------------------
DATA	[SRWCEMFA][SRWCEMFA] 8-19-93 7:53p	[Supervisor]
             1  Directory

The NDIR /A Command

Purpose: Used to view information about each file in the default or pathed directory.

Syntax: NDIR [path] /A

Information Provided:

  • The file server, volume and directory contained in the default or pathed drive.
  • The files contained in the path.
  • The size of the file.
  • The date the file was last updated.
  • The ID of the user who created or copied the file.

Example Command and Output:

F:\>NDIR /A

NDIR is searching the directory.  Please wait...
Files            = Files contained in this path
Size             = Number of bytes in the file
Last Update      = Date file was last updated
Owner            = ID of user who created or copied the file

GEORGIE/SYS:*.*
Files		Size	Last Update		Owner
---------------------------------------------------------
DP.BAT	             82	10-12-93  11:16a	ED
DPSG.EXE	427,338	06-22-92   1:20p	ED
HELPTEXT	 22,448	06-22-92   1:15p	ED
NOVELL.EXE    3,318,660	06-24-93   2:26p	N/A
QCOPY		 13,660	04-07-92   6:00a	Myron
READ.ME		  7,753 06-10-92  10:50a	ED
RIGHTS.TXT	 10,749 08-27-93   2:40p	STASH
GUIDE.DOC	 13,660 04-07-92   6:00a	TODDH
XCOPY.BAT	     12 10-08-93   4:50p	Myron
XCOPY.EXE	 13,660 04-07-92   6:00a	Myron


5,062,834 bytes (2,899,968 bytes in 177 blocks allocated)
            10  Files

The NDIR /R Command

Purpose: Used to view information about each file and directory in the default or pathed directory.

Syntax: NDIR [path] /R

Information Provided:

Files

  • The file server and volume contained in the default or pathed drive.
  • The files contained in the path.
  • The DOS file attributes.
  • The NetWare file attributes.
  • The Compression/Migration status.
  • The Inherited Rights Filter.
  • The user's Effective Rights.
  • The ID of the user who created or copied the file.

Directories

  • The file server and volume contained in the default or pathed drive.
  • The directories contained in the path.
  • The directory attributes.
  • The Inherited Rights Filter.
  • The user's Effective Rights to the directory.
  • The date the directory was created.
  • The ID of the user who created or copied the file.

Example Command and Output:

F:\>NDIR /R

NDIR is searching the directory.  Please wait...
Files            = Files contained in this path
DOS Attr         = DOS file attributes
NetWare Attr     = NetWare file attributes
Status           = Compression/Migration status
Filter           = Inherited Rights Filter
Rights           = Effective Rights
Owner            = ID of user who created or copied the file

GEORGIE/SYS:*.*
Files	DOS Attr NetWare Attr  Status Filter	Rights
---------------------------------------------------------
DP.BAT [Rw---A] [-----------] ---   [SRWCEMFA][SRWCEMFA] 
DPG.EXE[Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
HE.BAT [Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
NOV.EXE[Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
QCOPY  [Rw---A] [-----------] Cc-   [SRWCEMFA][SRWCEMFA] 
READ.ME[Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
RIG.TXT[Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
GO.TXT [Rw---A] [-----------] Co-   [SRWCEMFA][SRWCEMFA] 
XCOPY  [Rw---A] [-----------] Cc-   [SRWCEMFA][SRWCEMFA] 
COP.BAT[Rw---A] [-----------] ---   [SRWCEMFA][SRWCEMFA] 
COPY.EXE[Rw---A][-----------] Cc-   [SRWCEMFA][SRWCEMFA] 

Directories      = Directories contained in this path
Attribute        = Directory attributes
Filter           = Inherited Rights Filter
Rights           = Effective Rights
Created          = Date directory was created
Owner            = ID of user who created the directory

GEORGIE/SYS:*.*
Dir  Attrib Filter Rights	Created		Owner
---------------------------------------------------------
APPS [-----][SRWCEMFA][SRWCEMFA] 4-12-93 3:16p GEORGIE
KELCH[-----][SRWCEMFA][SRWCEMFA] 8-30-93 9:11a ED
LOGIN[-----][SRWCEMFA][SRWCEMFA] 4-12-93 8:35a SUPERVISOR 
STASH[-----][SRWCEMFA][SRWCEMFA] 8-26-93 8:24a ED
SYSTEM[----][--------][SRWCEMFA] 4-12-93 8:35a SUPERVISOR 
NEFF [-----][SRWCEMFA][SRWCEMFA] 8-18-93 9:41a KELCH
USERS[-----][SRWCEMFA][SRWCEMFA] 4-12-93 8:55a GEORGIE
V    [-----][SRWCEMFA][SRWCEMFA] 9-29-93 1:32p ED

5,062,834  bytes (2,899,968  bytes in 177 blocks allocated)
            10  Files
             8  Directories

The NLIST USER /A Command

Purpose: Used to view a list of users logged into the current NDS context.

Syntax: NLIST USER /A

Information Provided:

  • The current NDS context.
  • The user's connection number.
  • The login name of the user.
  • The network address.
  • The network node.
  • The time when the user logged in.

Example Command and Output:

F:\>NLIST USER /A

Searching:  O=DBMAIN                                                        
Object Class: user
Current context: O=DBMAIN
Conn      = The server connection number
*         = The asterisk means this is your connection
User Name = The login name of the user
Address   = The network address
Node      = The network node
Login time= The time when the user logged in

User Name	Address		Node
--------------------------------------------------------
Admin		[ 1030000]	[      1B1E436C]
ED		[ 1030000]	[      1B1E436C]
Macan		[E0F0C94D]	[      1B1E3D02]
*TODDH	[ 1030000]	[    80C72EA562]
A total of 4 user objects was found in this context.
A total of 4 user objects was found.

The NLIST USER /B Command

Purpose: Used to view a list of users defined to the default or specified server.

Syntax: NLIST USER /B=[server name]

Information Provided:

  • The default or specified server.
  • The user login name.
  • The full name of the user.
  • The account is disabled status.
  • The date the account will expire.
  • The passwords are required setting.
  • The date the password expires.
  • The unique password required setting.
  • The minimum password length.
  • The maximum concurrent connections, 0 if no limit.

Example Command and Output:

F:\>NLIST USER /B=GEORGIE

Object Class: user
Known to Server: GEORGIE
Login name= The user login name
Full name = The full name of the user
Dis       = Yes if the account is disabled
Expires   = The date the account will expire
Pwd       = Yes if passwords are required
Expires   = The date the password expires
Uni       = Yes if unique passwords are required
Min       = The minimum password length
Conn      = The maximum concurrent connections, 0 if no limit

Login Name  Dis  Expires  Pwd Expires  Uni  Min  Conn
---------------------------------------------------------
SUPERVISOR  No   0-00-00  No 0-00-00   No   0    0
ADMIN       No   0-00-00  No 0-00-00   No   0    0
STASH       No   0-00-00  No 0-00-00   No   0    0
NEWUSER     No  12-25-93  No 0-00-00   No   0    2
KVANE       No   0-00-00  No 0-00-00   No   0    0
IAUDIT      No   0-00-00  No 0-00-00   No   0    0
KELCH       No   0-00-00  No 0-00-00   No   0    0
ISPY        No   0-00-00  No 0-00-00   No   5    0
JGOODGUY    No   0-00-00  No 1-05-93   No   6    0
MACAN       No   0-00-00  No 0-00-00   No   0    0
DBMAINADMIN No   0-00-00  No 0-00-00   No   0    0
BLAKE       No   0-00-00  No 0-00-00   No   0    0
RICH        No   0-00-00  No 0-00-00   No   0    0
MARIA       No   0-00-00  No 0-00-00   No   0    0
GAMAL       No   0-00-00  No 0-00-00   No   0    0
KEN         No   0-00-00  No 0-00-00   No   0    0
TODDH       No   0-00-00  No 0-00-00   No   0    0
A total of 17 user objects was found on Preferred Server GEORGIE.
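
The account-policy columns in this report are the ones an auditor reads first. The following Python sketch is an added example, not part of the original appendix or of any Novell utility: it parses a captured NLIST USER /B report and lists the accounts whose settings deserve follow-up. The finding codes, the `min_length` threshold, the reading of 0-00-00 as "no date set" and the mapping of two-digit years to 19xx are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

# Excerpt of the NLIST USER /B=GEORGIE output shown above (four of its rows).
SAMPLE_REPORT = """\
Object Class: user
Known to Server: GEORGIE

Login Name  Dis  Expires  Pwd Expires  Uni  Min  Conn
---------------------------------------------------------
SUPERVISOR  No   0-00-00  No 0-00-00   No   0    0
NEWUSER     No  12-25-93  No 0-00-00   No   0    2
ISPY        No   0-00-00  No 0-00-00   No   5    0
JGOODGUY    No   0-00-00  No 1-05-93   No   6    0
"""

DATE = r"\d{1,2}-\d{2}-\d{2}"
# One data row: login, Dis, account expiry, Pwd, password expiry, Uni, Min, Conn.
ROW_RE = re.compile(
    rf"^(?P<login>\S+)\s+(?P<dis>Yes|No)\s+(?P<acct_exp>{DATE})\s+"
    rf"(?P<pwd>Yes|No)\s+(?P<pwd_exp>{DATE})\s+(?P<uni>Yes|No)\s+"
    rf"(?P<min>\d+)\s+(?P<conn>\d+)\s*$"
)


@dataclass
class Account:
    login: str
    disabled: bool
    account_expires: Optional[date]
    password_required: bool
    password_expires: Optional[date]
    unique_passwords: bool
    min_length: int
    max_connections: int  # 0 means no limit, per the report legend


def parse_date(text: str) -> Optional[date]:
    """Convert M-DD-YY to a date; 0-00-00 is read as 'no date set' (assumption)."""
    month, day, year = (int(part) for part in text.split("-"))
    if month == 0 and day == 0:
        return None
    return date(1900 + year, month, day)  # assumption: two-digit years are 19xx


def parse_report(text: str) -> List[Account]:
    """Return one Account per data row; legend, header and total lines are skipped."""
    accounts = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        accounts.append(Account(
            login=m["login"],
            disabled=m["dis"] == "Yes",
            account_expires=parse_date(m["acct_exp"]),
            password_required=m["pwd"] == "Yes",
            password_expires=parse_date(m["pwd_exp"]),
            unique_passwords=m["uni"] == "Yes",
            min_length=int(m["min"]),
            max_connections=int(m["conn"]),
        ))
    return accounts


def audit(accounts: List[Account], as_of: date,
          min_length: int = 5) -> List[Tuple[str, str]]:
    """Return (login, finding) pairs for enabled accounts with weak settings."""
    findings = []
    for a in accounts:
        if a.disabled:
            continue  # a disabled account cannot be used to log in
        if not a.password_required:
            findings.append((a.login, "NO_PASSWORD_REQUIRED"))
        if a.min_length < min_length:
            findings.append((a.login, "SHORT_MIN_LENGTH"))
        if not a.unique_passwords:
            findings.append((a.login, "NO_UNIQUE_PASSWORDS"))
        if a.max_connections == 0:
            findings.append((a.login, "UNLIMITED_CONNECTIONS"))
        if a.password_expires and a.password_expires < as_of:
            findings.append((a.login, "PASSWORD_EXPIRED"))
        if a.account_expires and a.account_expires < as_of:
            findings.append((a.login, "ACCOUNT_EXPIRED_NOT_DISABLED"))
    return findings


if __name__ == "__main__":
    for login, finding in audit(parse_report(SAMPLE_REPORT), as_of=date(1994, 4, 1)):
        print(f"{login:12} {finding}")
```
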

The RIGHTS /T Command

Purpose: Used to view the trustee list of a file or directory in the default or pathed directory.

Syntax: RIGHTS [path] /T

Information Provided:

File

  • The file server and volume.
  • The user trustees to the file.
  • The user's trustee rights.
  • The group trustees to the file.
  • The group's trustee rights.

Directory

  • The file server and volume.
  • The user trustees to the directory.
  • The user's trustee rights.
  • The group trustees to the directory.
  • The group's trustee rights.

Example Command and Output:

File

F:\TODDH>RIGHTS *.* /T

GEORGIE\SYS:TODDH\GL1231.DOC
User trustees:
     CN=TODDH.O=DBMAIN            [ R    F ]
----------
No group trustees have been assigned.

Directory

F:\>RIGHTS /T

GEORGIE\SYS:PROD\ACCOUNT
User trustees:
     CN=ISPY.O=DBMAIN             [ R    F ]
     CN=Myron.O=DBMAIN            [ R    F ]
----------
Group trustees:
     CN=ACCOUNTING.O=dbmain       [ RW   F ]
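For an audit, the trustee lists above are easier to review as records. The following is an added example, not part of the original AppNote: it parses RIGHTS /T output into one entry per trustee and lists trustees that hold anything beyond Read and File Scan. The function names and the choice of R and F as the read-only baseline are assumptions.

```python
import re

# Constructed sample: the two RIGHTS /T listings shown above, joined.
SAMPLE = r"""GEORGIE\SYS:TODDH\GL1231.DOC
User trustees:
     CN=TODDH.O=DBMAIN            [ R    F ]
----------
No group trustees have been assigned.

GEORGIE\SYS:PROD\ACCOUNT
User trustees:
     CN=ISPY.O=DBMAIN             [ R    F ]
     CN=Myron.O=DBMAIN            [ R    F ]
----------
Group trustees:
     CN=ACCOUNTING.O=dbmain       [ RW   F ]
"""

PATH = re.compile(r"^[^\s\\]+\\[^\s:]+:\S*$")          # SERVER\VOLUME:path
TRUSTEE = re.compile(r"^\s*(?P<name>\S+)\s+\[(?P<mask>[ SRWCEMFA]+)\]\s*$")
READ_ONLY = {"R", "F"}  # Read and File Scan; assumed audit baseline

def parse_rights(text):
    """Return one dict per trustee: path, kind (user/group), trustee, rights."""
    entries, path, kind = [], None, None
    for line in text.splitlines():
        stripped = line.strip()
        if PATH.match(stripped):
            path, kind = stripped, None          # a new file or directory starts
        elif stripped in ("User trustees:", "Group trustees:"):
            kind = stripped.split()[0].lower()
        elif (m := TRUSTEE.match(line)) and path and kind:
            entries.append({"path": path, "kind": kind, "trustee": m["name"],
                            "rights": set(m["mask"].replace(" ", ""))})
    return entries

def beyond_read_only(entries):
    """List (path, trustee, extra rights) for trustees holding more than R and F."""
    return [(e["path"], e["trustee"], "".join(sorted(e["rights"] - READ_ONLY)))
            for e in entries if e["rights"] - READ_ONLY]

if __name__ == "__main__":
    for path, trustee, extra in beyond_read_only(parse_rights(SAMPLE)):
        print(f"{path}: {trustee} also holds [{extra}]")
```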

The NLIST GROUP Command

Purpose: Used to view groups contained within the current NDS context.

Syntax: NLIST GROUP

Information Provided:

The current NDS context. The groups contained in the NDS context. The description of each group.

Example Command and Output:

F:\>NLIST GROUP

Searching:  O=dbmain                                                        
Object Class: group
Current context: O=dbmain
Group name = The name of the group
Description= The description of the group

Group Name                 Description
--------------------------------------
CN=ACCOUNTING                                                                                    
CN=FINANCE
Two group objects were found in this context.

Two group objects were found.

NLIST ORGANIZATION SHOW "LOGIN SCRIPT" Command

Purpose: Used to view the login scripts of organizations within the current NDS context.

Syntax: NLIST ORGANIZATION SHOW "LOGIN SCRIPT"

Information Provided:

The current context. The organizations within the current context. The login script associated with each organization.

Example Command and Output:

F:\>NLIST ORGANIZATION SHOW "LOGIN SCRIPT"

Searching:  [Root]                                         
Current context: [Root]
Organization: O=DBMAIN

Login Script:
map ins s1:=georgie_sys:\public
map ins s3:=georgie_sys:\apps\pdox40
map ins s16:=georgie_sys:\apps\wp60
map H:=georgie_sys:\users\%LOGIN_NAME\PDOX
-------------------------------------------
Organization: O=Europe

Login Script:
map ins s1:=georgie_sys:\public
-------------------------------------------
                 
A total of 2 organization objects was found in this context.
                 
A total of 2 organization objects was found.

The CX /T /ALL Command

Purpose: Used to view the NDS tree within the current NDS context.

Syntax: CX /T /ALL

Information Provided:

Directory Services Mapping

Example Command and Output:

F:\>CX /T /ALL

*** Directory Services Mapping ***

[Root]
  O=DBMAIN
      CN=DBDUDE
      CN=Admin
      CN=DBDUDE_SYS
      CN=DBDUDE_VOL1
      CN=mba
      CN=Kelch
      CN=Macan
      CN=Blake
      CN=Q3
    OU=NEW1
      CN=DbMainAdmin
      CN=public
    OU=new2
      CN=USER_TEMPLATE
      CN=glip
      CN=TODDH
      CN=HP2
      CN=ACCOUNTING
      CN=q4
  O=US
      OU=Audit
         OU=Chicago
         OU=GeorgeSYS
            CN=ChiEE
         OU=NewYork
            CN=NYEE
         CN=AuditAdmin
         CN=public
      OU=Tax
      OU=Consulting
   O=Europe
      CN=EuropeAdmin

NLIST ORGANIZATION SHOW "DETECT INTRUDER" Command

Purpose: Used to view the "Detect Intruder" settings for organizations within the current NDS context.

Syntax: NLIST ORGANIZATION SHOW "DETECT INTRUDER"

Information Provided:

The current context. The organizations found within the current context. The "Detect Intruder" settings associated with each organization.

Example Command and Output:

F:\>NLIST ORGANIZATION SHOW "DETECT INTRUDER"

Searching:  [Root]                                                          
Current context: [Root]
Organization: O=DBMAIN
Detect Intruder: False
-------------------------------------------------
One organization object was found in this context.
One organization object was found.

The NLIST GROUP SHOW "MEMBER" Command

Purpose: Used to view the groups defined within the current NDS context and the members of each group.

Syntax: NLIST GROUP SHOW "MEMBER"

Information Provided:

The current NDS context. The groups within the current NDS context. The group members associated with each group.

Example Command and Output:

F:\>NLIST GROUP SHOW "MEMBER"

Searching:  O=dbmain                                       
Object Class: group
Current context: O=dbmain
Name: CN=ACCOUNTING
Member: ED
Member: GAMAL
Member: KELCH
Member: STASH
Member: HEEMSOTH
One group object was found in this context.

One group object was found.


* Originally published in Novell AppNotes

