
Appendix A: New Security and Auditing Features in NetWare 4.11


01 Nov 1997

Novell's release of NetWare 4.11 is designed to meet U.S. Class C2 and European F-C2/E2 evaluation criteria. It delivers enhanced security service levels and presents NetWare administrators with new functionality based upon both U.S. and European criteria. This release of NetWare contains specific user-requested improvements and provides enhanced levels of security assurance in auditing.

Novell has pursued commercial off-the-shelf (COTS) network security as a fundamental component of NetWare. NetWare 4.11 was designed to provide a substantial base from which to continue providing network security products well into the future, as well as to offer higher than required security assurance levels in many of the evaluated areas. This design allows NetWare users to continually upgrade NetWare without losing the security features and assurances obtained through evaluation.

This appendix examines the security and auditing feature enhancements in NetWare 4.11. This information will help network administrators and corporate auditors obtain information directly from the audit files and extend their Electronic Data Processing (EDP) audits, as well as provide support for internal audit professionals.

Security Features

With NetWare 4.11, Novell introduces NetWare Enhanced Security. NetWare Enhanced Security is designed to meet the Controlled Access implementation (Class C2) requirements of the Trusted Network Interpretation (NCSC-TG-005) of the Trusted Computer System Evaluation Criteria (DoD 5200.28-STD).

The following are among the NetWare Enhanced Security features:

  • The SECURE.NCF file provides a script that assigns the correct values to C2-sensitive SET parameters. You can run this script at any time from the system prompt of a NetWare 4.11 server.

  • The "Enable SECURE.NCF" SET parameter allows you to specify that the SECURE.NCF file runs automatically during system boot.

Auditing Features

In the area of auditing, NetWare 4.11 adds several capabilities to the AUDITCON utility that comply with Class C2 design specifics. While only certain combinations of features are allowed under the Class C2 setup, many of these features are available as alternatives for those who do not have to maintain a completely verified Class C2 operation.

Improved AUDITCON Utility. The AUDITCON utility has been significantly improved to enable C2 compliant auditing. More than 70 auditable events have been added to expand the areas covered by an electronic audit.

NDS-based Access to Audit Logs. Audit Log files are now represented by and managed as Directory objects. This enables you to control access to Audit Log files by using NDS rights assignments. While password-based audit access controls will be maintained for backward compatibility with NetWare 4.1, changing auditing to an NDS paradigm has far-reaching ramifications. Specifically, network administrators will be able to delegate the audit function within the organizational structure of the company. Senior auditors will be able to sub-delegate the audit function to audit staff throughout the organization, while observing audit parameter changes made in the field.

Audit File Maintenance. Additional features have been added to improve audit file maintenance, including several new options for audit file overflow recovery. In NetWare 4.11, audit supervisors have three exclusive options for audit file recovery, including a file roll-over option. They are:

  • Disable event recording

  • Disable audited / auditable events

  • Reset audit file

Auditing for the Workstation. NetWare 4.11 provides an external audit data service for use by trusted workstations. Before the introduction of Novell's trusted workstation, there was very little ability to securely audit a networked DOS/Windows operating system on a client. Now, with a trusted workstation architecture, audit information pertaining to client login and the file system can be maintained. When implemented, this feature allows multiple trusted workstations to share the same audit file at the server or to allocate files for individuals or groups (as required). Audit activities of workstations are separate from those of Container or Volume objects.

Copyright 1997 by Novell, Inc. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose without the express written permission of Novell.

All product names mentioned are trademarks of their respective companies or distributors.

* Originally published in Novell AppNotes

