Appendix
Articles and Tips: article
01 Apr 1994
- Appendix A: NetWare 4 Feature Comparison
- Appendix B: Security Product Vendor Information
- Appendix C: NetWare 4 Commands for Auditors
- Bibliography
Appendix A: NetWare 4 Feature Comparison
NetWare 4 is the most advanced and powerful network operating system available today. This release represents the ninth generation of NetWare development. It adds a whole new dimension to network computing, extending network services and making network management easier than ever.
For critical business data to be viably handled on a network, the underlying platform must be robust enough to handle network-wide administration and management. It must also provide ample security to protect sensitive corporate information.
NetWare 4 allows better management control, easier maintenance, and more flexible security options than any other network operating system currently available. It is the ideal platform for today's sophisticated networking needs, and it will continue to support those needs as network computing evolves in the future.
This appendix provides a comparison of NetWare 3.12 and NetWare 4 features.
NetWare Feature Comparison
Figure 1 provides a comparison of features common to NetWare 4 and NetWare 3.12, as well as a listing of many features new with NetWare 4.
Figure 1: Feature comparison between NetWare 4 and 3.12.
| FEATURE | NetWare 4 | NetWare 3.12 |
|---|---|---|
| OPERATING SYSTEM ARCHITECTURE | | |
| Maximum number of user connections per server | 1000 | 250 |
| User configuration (stratification) | 5, 10, 20, 50, 100, 250, 500, 1000 | 5, 10, 20, 50, 100, 250 |
| Maximum number of server connections per client workstation | 50 (configurable in client VLM) | 8 |
| Object-based global naming service | Yes (NetWare Directory Services) | No |
| Single login to network | Yes | No |
| MEMORY AND DISK REQUIREMENTS | | |
| Minimum server memory requirements | 6 MB | 4 MB |
| Optional Ring 3 memory protection | Yes | No |
| Dynamic Ring 3 reinitialization on failure | Yes | No |
| Continuous Ring 0 operation on Ring 3 fail | Yes | No |
| Hard disk space used by operating system | 12 to 60 MB | 9 MB |
| FILE SYSTEM AND STORAGE | | |
| Read-ahead cache | Yes | No |
| Intelligent data compression | Yes | No |
| Support for data migration hardware (optical jukebox, read/write optical, and so on) | Yes | No |
| Real-time Data Migration - High Capacity Storage System (HCSS) | Yes | No |
| NETWORK SECURITY | | |
| Restrict login to specific Medium Access Control addresses | Yes (optional) | No |
| Compression directory and file attribute | Yes | No |
| Migration directory and file attribute | Yes | No |
| AUDITCON SECURITY AUDITING | | |
| File system auditing | Yes | N/A |
| NDS event auditing | Yes | N/A |
| Independent network auditor | Yes | N/A |
| Independent auditor password | Yes | N/A |
| Multiple auditors | Yes | N/A |
| Audit user security transactions | Yes | N/A |
| Audit user file transactions | Yes | N/A |
| Audit supervisor transactions | Yes | N/A |
| Audit file creation statistics | Yes | N/A |
| Audit directory creation statistics | Yes | N/A |
| Audit volume statistics | Yes | N/A |
| Transaction logs | Yes | N/A |
| Filter transaction logs | Yes | N/A |
| Transaction monitoring/automatic log updates | Yes | N/A |
| NETWORK MANAGEMENT | | |
| Determine who has console/supervisor privileges | Yes | No |
| View console operation status | Yes | No |
| View supervisor equivalent status | Yes | No |
| View hierarchical Directory tree | Yes | No |
| Remote console session security | Yes | No |
| Remote console modem callback | Yes | No |
| NETWARE DIRECTORY SERVICES | | |
| Maximum number of tree levels | 15 | N/A |
| Object oriented | Yes | N/A |
| Directory object creation (user, volume, alias, organization, print server, queue, printer group, computer, directory map, bindery objects, and so on) | Yes | N/A |
| Extensible schema (set of objects and attributes) | Yes (programmed) | N/A |
| Maximum number of attributes per object | Unlimited (default set of attributes per object type) | N/A |
| Maximum length of attribute fields | Unlimited | N/A |
| Partition database | Yes (logical subtree) | N/A |
| Physical location of partitions | One or more servers | N/A |
| User-definable partitions | Yes | N/A |
| Partitions replicated across multiple servers | Yes | N/A |
| Root partition replicated | Yes | N/A |
| Read-only partitions | Yes | N/A |
| Read/Write partitions | Yes | N/A |
| Background authentication | Yes | N/A |
| Background synchronization | Yes | N/A |
| Protocol independent | Yes | N/A |
| Unicode enabled | Yes | N/A |
| External name service synchronization | Yes | N/A |
| Object and property access rights (add, delete, rename, move, read, compare, list, modify, browse) | Yes | N/A |
| Name searching (white paging) | Yes | N/A |
| Topical searching (yellow paging) | Yes | N/A |
| TIME SYNCHRONIZATION | | |
| International time zone support | Yes | No |
| Daylight Savings Time support | Yes | No |
| User-configurable time synchronization | Yes | No |
| Single reference time server | Yes (optional use of external atomic clock) | No |
| Multiple primary time servers | Yes | No |
| Multiple secondary time servers | Yes | No |
| BACKUP SERVICES | | |
| Workstation backup | Yes (DOS, OS/2) | No |
| NETWORK PRINTING | | |
| Maximum shared printers per print server | 256 | 16 |
| RAM used on workstation-attached network printer | 4,976 bytes (parallel), 5,488 bytes (serial) | 4-20 KB |
| NETWORK UTILITIES | | |
| Approximate number of utilities | 50 (consolidated) | 130 |
| IMAGING (Optional Service) | | |
| Attribute search | Yes | No |
| Image manipulation | Yes | No |
| Distributed data migration (Mass Storage System - MSS) | Yes | No |
| Image compression | Yes | No |
| Content document architecture | Yes | No |
| APPLICATION PROGRAM INTERFACES (APIs) | | |
| Image Enabled NetWare (optional Kodak services) | Yes | No |
| Hierarchical storage (data migration) | Yes | No |
| Document management services | Yes (post 4.0 release) | No |
| COMMUNICATION PROTOCOLS | | |
| Large Internet Packet (LIP) | Yes | Yes |
| CLIENT SUPPORT AND INTEROPERABILITY | | |
| DOS | 7 | |
| Modular client "requester" architecture | Yes (VLM) | Yes (VLM) |
| Number of files stored on a DOS workstation by the network operating system | 20 (4 plus 16 optional VLMs) | 20 (4 plus 16 optional VLMs) |
| Conventional memory (640KB area) used (Use of XMS/EMS supports built in; small footprint when used) | 53KB (requester, IPXODI, LSL, LAN driver) | 53KB (shell, IPXODI, LSL, LAN driver) |
| Additional conventional memory used with packet burst (Use of XMS/EMS supports built in; small footprint when used) | 53KB | 53KB |
| Extended memory support | Yes | Yes |
| LPT ports on client | LPT1 - LPT9 (VLMs support) | LPT1 - LPT3 |
| Windows | | |
| Windows 3.0 NetWare Tools | Yes (expanded user tools) | Yes (basic user tools only) |
| Windows 3.1 NetWare Tools | Yes (expanded user and admin. tools) | Yes (basic user tools only) |
| Packet burst included with Windows client | Yes (requester) | Yes (requester) |
| Load client software after Windows | Yes | Yes |
| Login under Windows | Yes | Yes |
| UNIX | | |
| NeXT workstation support | Yes | No |
| CLIENT UTILITIES FOR NETWARE ADMINISTRATION | | |
| Supported Platforms | | |
| Windows | Yes (3.1 only) | Yes (3.1 only) |
| OS/2 2.0 Presentation Manager (PM) | Yes | Yes |
| Supervisor Administrative Functions | | |
| Single administrative tool for network | Yes (Windows, PM) | No |
| File system (move, copy, trustees, salvage, rights) | DOS, Windows, PM | DOS, Windows |
| Directory services (create/delete objects; edit attributes) | DOS, Windows, PM | N/A |
| Search NDS Directory | DOS, Windows, PM | N/A |
| Move objects in Directory Services tree | DOS, Windows | N/A |
| Directory Services security | DOS, Windows, PM | N/A |
| Directory Services partition management | DOS, Windows | N/A |
| Printing (queues, printers, print servers) | DOS, Windows | DOS, Windows |
| End User Tools | | |
| Change/Set Directory Services context | DOS, Windows, PM | N/A |
| Browse Directory Services | DOS, Windows, PM | N/A |
| User tools work with both bindery and Directory Services | DOS, Windows, PM | N/A |
| Change file rights and attributes | DOS, Windows, PM | DOS |
| Login | DOS, Windows, PM | DOS, Windows |
| Client install | DOS, PM | DOS |
| NETWORK INTERFACE CARD SUPPORT | | |
| Client | | |
| Ethernet default frame type | IEEE 802.2 | IEEE 802.2 |
| NDIS protocol stack supported (via ODINSUP) | Yes | Yes |
| Third-party drivers supported | Yes (approx. 150 included in box) | Yes (Novell drivers only included in box) |
| Server | | |
| Ethernet default frame type | IEEE 802.2 | IEEE 802.2 |
| Third-party drivers supported | Yes (approx. 150 included in box) | Yes (Novell drivers only included in box) |
| DOCUMENTATION | | |
| Available on CD-ROM | Yes | Yes |
| Windows-based documentation viewer | Yes | Yes |
Appendix B: Security Product Vendor Information
From its inception, Novell has realized that strategic partnering is important to providing the customer full product line support. This is especially true in the area of network security and control. Because of the many components that make up a typical network, the user and network provider are confronted with many choices for security, covering everything from the client to the server. One could easily look at security solutions for the client workstation, the server, and the enterprise network and its many components. However, it is important to narrow the focus and judiciously choose products that serve individual needs.
Novell currently has a Security Strategic Alliance with the following companies:
American Telephone & Telegraph
Cordant, Inc.
Computer Associates
DATAMEDIA, Inc.
Digital Equipment Corporation
LAN Support Group, Inc.
Blue Lance, Inc.
ENIGMA LOGIC
HUGHES Aircraft Company
RAXCO
KPMG
Intrusion Detection, Inc.
MERGENT International, Inc.
SecureWare
SEMAPHORE Communications Corporation
TREND Micro Devices, Inc.
The following listing contains information on various security and auditing products that are currently available for use with NetWare 4. All of the products listed on the following pages are available for purchase and are in use by several major corporations (both in the U.S. and internationally).
Disclaimer: Novell neither endorses the listed products nor deems this list to be complete. This product listing is offered only as a sample of the variety of third-party products that are currently available to help you build a trusted NetWare 4 network environment.
ALADDIN Software Security Inc., 350 Fifth Ave, Suite 7204, New York, NY 10118. Tel: 800-223-4277, 212-564-5678. Fax: 212-564-3377 |
NetHASP; NetHASP - hardware key |
Software protection through Hardware Privacy & Authentication Components - NetHASP hardware key and small software program. Only one hardware key is needed to activate a protected program. Installation of key not location bound. Limits number of station accesses to software. Limits number of activations permitted each program. Protects up to 112 programs. Full DOS & Windows support. NetWare and Net-BIOS LAN protocol compatible. |
Blue Lance, Inc., 1700 West Loop South, Suite 1100, Houston, Tx 77027. Attn: Satish Kinra. Tel: 713-680-1187. Fax: 713-622-1370 |
LT Auditor 4.0+ |
Novell 2.2, 3.11 NLM certified; Novell 4 Beta end of 1 QTR 1994; On-line auditing; Server Centric; Software Metering; Hardware Inventory; Configuration management; US Navy Standard |
Cordant, Inc., Information Security Division, 11400 Commerce Park Drive, Reston, VA 22091-1508. Tel: 800-843-1132. Tel: 703-758-7000 |
Assure: Secures standalone and Novell workstations - under C2 evaluation at NCSC. Assure Server: NLM that works in conjunction with Assure to provide end-to-end security in a NetWare environment. Assure Basic: Secures standalone and Novell workstations. |
Hardware/Software-Based Security: DOS and Windows PCs: Notebooks, Laptops, Desktops; Identification/Authentication; Discretionary Access Control; Object Reuse; Auditing; Boot Protection; Single Sign-On to NetWare; Public Key Encryption; Digital Signature Algorithm; Smart Card (NIST Certified); Secure Communication; Automatic DES Encryption; Virus Prevention; NetWare Certified; Central Security Administration; NIC Checking; Attachment Auditing; Supervisor Notification; Non-Assure Workstation Lockout. Software-Based Security: DOS and Windows PCs: Notebooks, Laptops, Desktops; Identification/Authentication; Discretionary Access Control; Object Reuse; Auditing; Boot Protection; Single Sign-On to NetWare; Public Key Encryption; Digital Signature Algorithm; Smart Card (NIST Certified); Virus Protection |
DATAMEDIA Corporation, 20 Trafalgar Square, Nashua, NH 03063. Attn: SECUREcard Marketing. Tel: 603-886-1570. Fax: 603-598-8268. Info@datamedia.com |
SECUREcard; SECUREcard/100; SECUREcard/200; SECUREcard/300; SECUREcard/400 |
DOS & Windows PCs; Identification & Authentication (I&A); Discretionary Access Control (DAC); Auditing; Common Sign-On & Network Isolation; Central Site Administration; Personal Privacy & Security. Software based security for PCs. Option for smart card I&A and hardware enhanced protection. Hardware add-in controller board. Configuration control, token based I&A and network isolation. Combination of 200/300 features to provide Workstation Security beyond C2. |
ENIGMA LOGIC, 2151 Salvio Street, Suite 301, Concord, CA 94520. Tel: 510-827-5707. Fax: 510-827-2593. Attn: John R. Muir |
SafeWord for Novell |
Dial-Up & Access Control; User Authentication via non-replayable "dynamic" passwords; DES based password "token" (handheld cards); Multi-vendor token compatible; Audit; Compatible with NetWare 2.x, 3.x, UNIX, MVS, VMS, and MS-DOS |
Intrusion Detection, Inc., 217 East 86th Street, Suite 213, New York, NY 10028. Attn: Robert Kane. Tel: 212-360-6104. Fax: 212-427-9185 |
The Kane Security Analyst |
Knowledge-based NetWare Windows GUI Security testing |
LAN Support Group, Inc., 2425 Fountain View Dr, Suite 390, Houston, Tx 77057. Attn: David Pulaski. Tel: 800-749-8439. Tel: 713-789-0881. Fax: 713-977-9111 |
Bindview+ NCS Console; SIM - Server Information Module; WAM - Workstation Asset Management |
LAN Management, Audit, Security/Control Package. NetWare 2.x, 3.x certified. NetWare 4 Bindery compatible. Extensive Data Gathering & Reporting features. Multi-format data presentation and capture - Spreadsheet, Database, Dossier. Broad Hardware & Software Inventory Module - Integrated into reporting facility. Auditor Traveling License available. 4.0 Migration tool. NetWare 4.1 Beta 2nd. Qtr 1994. Server Auditing Module 2 QTR 1994. Rules-Based Security NLM 3 Qtr 1994. Standard for several Big 6. Standard for Major money center banks. |
MERGENT International, 70 Inwood Road, Rocky Hill, CT 06067-3441. Tel: 203-257-4223. Fax: 203-257-4245. Attn: Kathleen Garlasco |
Domain/DACS; Net/DACS; SSO/DACS |
Centralized security management. Includes PC/DACS for DOS, which secures point of entry and provides access control, encryption, boot protection, time out, virus protection and more. Supports all popular LANs. Provides audit controls. Transparent to end-user. Supports DOS and Windows PCs. Supports Novell NetWare (all versions). Includes PC/DACS for DOS. Integrates PC/DACS security with NetWare's security. Provides audit controls. Peer-to-Peer Administration. Single-Sign-On to network. Transparent to end-user. Supports DOS & Windows. Multi-platform Single-sign-on to any network or server. Reduces or eliminates need for multi-passwords. Password management. Supports DOS & Windows. Automate & customize sign-on. |
NetWork Enhancement Tools, Inc. (NETinc), 20218 Bridgedale Lane, Humble, Tx 77338. Tel: 713-446-2154. Fax: 713-540-8652 |
NETMenu™ NETMenuLAN ToolkitJ NETSentry™ |
Allows only trusted users and groups to shell out; True access control (local and remote); Create multi-level security; Audit user activities; Software license metering and control; Screen blanking with NetWare encrypted password control; Automatic log outs and log ins; Unlimited users per server license; DOS and Windows support. Over 70 programs in a neat package; LAN administrator's helper. Logout inactive users with knowledge of their operating environment; Secure idle workstations; Easy administration; Exception handling; Orderly shutdown capability; Fully configurable PCX screen blankers; Third-party screen blankers supported; Full-featured audit trail listing; NetWare compatible; Customizable; DOS and Windows support; Encrypted password supported |
SEMAPHORE Communications Corporation, 2040 Martin Avenue, Santa Clara, CA 95050. Tel: 408-980-7750. Fax: 408-980-7769 |
Network Security System (NSS); Network Encryption Unit (NEU); Network Security Center (NSC) |
Node to Node and Site-to-Site data transmission security. Supports: a: all popular LAN Protocols at Network Layer. b: all variants of NetWare Data Link Layer encapsulation. c: simultaneous Layer 2 and Layer 3 traffic. Using RSA and DES, provides: Authentication; Access Control; Key Management; Encryption. User Operations unchanged. Works with existing LAN/WAN configurations. Cross-vendor products unaffected. Scalable to very large networks. Operates at full Ethernet bandwidth. |
TREND Micro Devices, Inc., 2421 West 205th Street, Suite D-100, Torrance, Ca 90501-1462. Tel: 310-782-8190. Fax: 310-328-5892 |
StationLock; StationLock LANPack |
Hardware plug and play security card. Virus protection; Access Control; Recovery Control; Resource Management; Encryption to DOS workstations; Audit trail; Central Site Administration & Authentication |
Appendix C: NetWare 4 Commands for Auditors
The following NetWare 4 commands can be used to assist auditors in obtaining information to produce initial documentation for a single server running the NetWare 4 operating system. These commands will help gather pertinent information for understanding the audit reports produced by AUDITCON.
For scripts that can be used on NetWare 2 and 3 operating system versions, please refer to the Novell Cooperative Research Report titled NetWare Security: Configuring and Auditing a Trusted Environment. For additional details on these commands, and on others whose options might be useful to someone managing or auditing the security of the system, see the NetWare 4 Utilities Reference Manual and the NetWare 4 Concepts Manual.
The NVER Command
Purpose: Used to determine the version of software running on your server and workstation.
Syntax: NVER
Information Provided:
- Link Support Layer
- LAN Drivers
- Protocol Stack
- IPX API Version
- SPX API Version
- VLM
- Attached Servers
- File Server Operating System Version
- Workstation Operating System
Example Command and Output:
F:\>NVER
DOS: V5.00
Link Support Layer: Version 2.01
Lan Drivers:
  Board 1: Xircom Pocket Ethernet Adapter III
  Version: 1.04
  Frame type: ETHERNET_802.3
  Maximum frame size: 1514 bytes
  Line speed: 10 Mbps
  Interrupt number: 7
  Port number: 0378-037a
  Node address: [80C72EA562]
Protocol Stack:
  Description: IPX Internetwork Packet Exchange
  Version: 2.11
  Network address: [01030000]
  Binding Information: Board 1 Protocol ID = 0
IPX API version: 3.30
SPX API version: 3.30
VLM: Version 1.02 Revision A using Extended Memory
Attached file servers:
  Server name: GEORGIE
  Novell NetWare 4.01 (July 12, 1993)
  Server name: DBDUDE
  Novell NetWare 4.01 (July 12, 1993)
The NLIST SERVER /B Command
Purpose: Used to view a list of the bindery servers on your internetwork and information about those servers.
Syntax: NLIST SERVER /B
Information Provided:
- List of active NetWare servers known to attached server
- The server network address
- The server network node
- The status of user's connection to active server
Example Command and Output:
F:\>NLIST SERVER /B
Object Class: server
Known to Server: GEORGIE
Active NetWare Server = The NetWare Server that is currently running
Address = The network address
Node = The network node
Status = The status of your connection
Active NetWare Server   Address      Node   Status
---------------------------------------------------------
311TEST                 [ 1084117]   [ 1]
386-CLASS3              [ 1CAFFCA]   [ 1]
386-CLASS3A             [ 1CAFFFC]   [ 1]
GEORGIE                 [2BC97DB9]   [ 1]   Default
SVE-ASYNC               [C1FF4035]   [ 1]
SVE-CM                  [C1F0003C]   [ 1]
SVL-ADMIN               [C0054141]   [ 1]
YOICKS                  [ 1FD03D1]   [ 1]
ZAUGG_DOUGLAS_A         [ 110DDDD]   [ 1]
A total of 9 server objects was found.
The NLIST SERVER Command
Purpose: Used to view a list of servers within the current NDS context.
Syntax: NLIST SERVER
Information Provided:
- The current NDS context
- The NetWare server name located in the context
- The server network address
- The server network operating system version
- The network operator
Example Command and Output:
F:\>NLIST SERVER
Searching: O=DBMAIN
Object Class: server
Current context: O=DBMAIN
NetWare Server= The server name
Address = The network address
Version = The server version
Operator = The network operator
NetWare Server     Address      Version      Operator
--------------------------------------------------------
CN=DBDUDE          [2C741194]   Novell Net
CN=DB2             [2C73CE22]   Novell Net
CN=DB1             [2C73CE26]   Novell Net
CN=GEORGIE         [2BC97DB9]   Novell Net
CN=SRD             [ 10302FF]   Novell Net
CN=PRV-MAIL-SERV   [ 1FFBA94]   Novell Net
CN=mba             [ 1030202]   Novell Net
A total of 7 server objects was found in this context.
A total of 7 server objects was found.
The NDIR /VOL Command
Purpose: Used to view information about the default or pathed volume.
Syntax: NDIR [path] /VOL
Information Provided:
- The file server and volume located in the path.
- The total volume space (in kilobytes).
- The space used by files (including file data, information in the File Allocation Table, and information in the directory table).
- Deleted space not yet purgeable.
- The space remaining on the volume.
- The space available to the user.
- Maximum directory entries.
- Available directory entries.
- Space used if files were not compressed.
- Space used by compressed files.
- Space saved by compressing files.
- Uncompressed space used.
Example Command and Output:
F:\>NDIR /VOL
Statistics for fixed volume GEORGIE/SYS:
Space statistics are in KB (1024 bytes).
Total volume space:                         339,104  100.00%
Space used by 2,162 entries:                148,992   43.94%
Deleted space not yet purgeable:                  0    0.00%
                                   ----------------
Space remaining on volume:                  190,112   56.06%
Space available to TODDH:                   190,112   56.06%
Maximum directory entries:                   14,848
Available directory entries:                  7,118   47.94%
Space used if files were not compressed:    192,143
Space used by compressed files:              67,683
                                      -------------
Space saved by compressing files:           124,460   64.77%
Uncompressed space used:                    111,997
The NLIST VOLUME Command
Purpose: Used to view the file server volumes defined within the current NDS context.
Syntax: NLIST VOLUME
Information Provided:
- The current NDS context.
- The volume name located in the context.
- The server where the volume is located.
- The physical volume name.
Example Command and Output:
F:\>NLIST VOLUME
Searching: O=DBMAIN
Object Class: volume
Current context: O=DBMAIN
Volume name = The name of the volume
Host server = The server where the volume is located
Physical volume= The physical volume name
Volume Name       Server     Physical Volume
---------------------------------------------------------
CN=DBDUDE_SYS     DBDUDE     SYS
CN=DBDUDE_VOL1    DBDUDE     VOL1
CN=DB1_SYS        DB1        SYS
CN=DB2_SYS        DB2        SYS
CN=GEORGIE_SYS    GEORGIE    SYS
A total of 5 volume objects was found in this context.
A total of 5 volume objects was found.
The NDIR /DO /SUB Command
Purpose: Used to view all available information about the directories in the default or pathed directory.
Syntax: NDIR [path] /DO /SUB
Information Provided:
- The file server and volume located in the path.
- The directories contained in the path.
- The directory's Inherited Rights Filter.
- The user's Effective Rights to this directory.
- The date the directory was created.
- The ID of the user who created the directory.
- The above for all sub-directories contained within each directory.
Example Command and Output:
F:\>NDIR H:\*.* /DO /SUB
NDIR is searching the directory. Please wait...
Directories = Directories contained in this path
Filter = Inherited Rights Filter
Rights = Effective Rights
Created = Date directory was created
Owner = ID of user who created or copied the file
DBDUDE/SYS:APPS\*.*
Dir     Filter      Rights      Created          Owner
---------------------------------------------------------
WP60    [SRWCEMFA]  [SRWCEMFA]  8-19-93 7:53p    [Supervisor]
QP30    [SRWCEMFA]  [SRWCEMFA]  8-19-93 7:57p    [Supervisor]
2 Directories
DBDUDE/SYS:APPS\WP60\*.*
Dir     Filter      Rights      Created          Owner
--------------------------------------------------------
DATA    [SRWCEMFA]  [SRWCEMFA]  8-19-93 7:53p    [Supervisor]
1 Directory
The NDIR /A Command
Purpose: Used to view information about each file in the default or pathed directory.
Syntax: NDIR [path] /A
Information Provided:
- The file server, volume and directory contained in the default or pathed drive.
- The files contained in the path.
- The size of the file.
- The date the file was last updated.
- The ID of the user who created or copied the file.
Example Command and Output:
F:\>NDIR /A
NDIR is searching the directory. Please wait...
Files = Files contained in this path
Size = Number of bytes in the file
Last Update = Date file was last updated
Owner = ID of user who created or copied the file
GEORGIE/SYS:*.*
Files           Size        Last Update        Owner
---------------------------------------------------------
DP.BAT                 82   10-12-93 11:16a    ED
DPSG.EXE          427,338   06-22-92  1:20p    ED
HELPTEXT           22,448   06-22-92  1:15p    ED
NOVELL.EXE      3,318,660   06-24-93  2:26p    N/A
QCOPY              13,660   04-07-92  6:00a    Myron
READ.ME             7,753   06-10-92 10:50a    ED
RIGHTS.TXT         10,749   08-27-93  2:40p    STASH
GUIDE.DOC          13,660   04-07-92  6:00a    TODDH
XCOPY.BAT              12   10-08-93  4:50p    Myron
XCOPY.EXE          13,660   04-07-92  6:00a    Myron
5,062,834 bytes (2,899,968 bytes in 177 blocks allocated)
10 Files
The NDIR /R Command
Purpose: Used to view information about each file and directory in the default or pathed directory.
Syntax: NDIR [path] /R
Information Provided:
Files
- The file server and volume contained in the default or pathed drive.
- The files contained in the path.
- The DOS file attributes.
- The NetWare file attributes.
- The Compression/Migration status.
- The Inherited Rights Filter.
- The user's Effective Rights.
- The ID of the user who created or copied the file.
Directories
- The file server and volume contained in the default or pathed drive.
- The directories contained in the path.
- The directory attributes.
- The Inherited Rights Filter.
- The user's Effective Rights to the directory.
- The date the directory was created.
- The ID of the user who created or copied the file.
Example Command and Output:
F:\>NDIR /R
NDIR is searching the directory. Please wait...
Files = Files contained in this path
DOS Attr = DOS file attributes
NetWare Attr = NetWare file attributes
Status = Compression/Migration status
Filter = Inherited Rights Filter
Rights = Effective Rights
Owner = ID of user who created or copied the file
GEORGIE/SYS:*.*
Files      DOS Attr   NetWare Attr    Status  Filter      Rights
---------------------------------------------------------
DP.BAT     [Rw---A]   [-----------]   ---     [SRWCEMFA]  [SRWCEMFA]
DPG.EXE    [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
HE.BAT     [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
NOV.EXE    [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
QCOPY      [Rw---A]   [-----------]   Cc-     [SRWCEMFA]  [SRWCEMFA]
READ.ME    [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
RIG.TXT    [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
GO.TXT     [Rw---A]   [-----------]   Co-     [SRWCEMFA]  [SRWCEMFA]
XCOPY      [Rw---A]   [-----------]   Cc-     [SRWCEMFA]  [SRWCEMFA]
COP.BAT    [Rw---A]   [-----------]   ---     [SRWCEMFA]  [SRWCEMFA]
COPY.EXE   [Rw---A]   [-----------]   Cc-     [SRWCEMFA]  [SRWCEMFA]
Directories = Directories contained in this path
Attribute = Directory attributes
Filter = Inherited Rights Filter
Rights = Effective Rights
Created = Date directory was created
Owner = ID of user who created the directory
GEORGIE/SYS:*.*
Dir      Attrib   Filter      Rights      Created          Owner
---------------------------------------------------------
APPS     [-----]  [SRWCEMFA]  [SRWCEMFA]  4-12-93 3:16p    GEORGIE
KELCH    [-----]  [SRWCEMFA]  [SRWCEMFA]  8-30-93 9:11a    ED
LOGIN    [-----]  [SRWCEMFA]  [SRWCEMFA]  4-12-93 8:35a    SUPERVISOR
STASH    [-----]  [SRWCEMFA]  [SRWCEMFA]  8-26-93 8:24a    ED
SYSTEM   [----]   [--------]  [SRWCEMFA]  4-12-93 8:35a    SUPERVISOR
NEFF     [-----]  [SRWCEMFA]  [SRWCEMFA]  8-18-93 9:41a    KELCH
USERS    [-----]  [SRWCEMFA]  [SRWCEMFA]  4-12-93 8:55a    GEORGIE
V        [-----]  [SRWCEMFA]  [SRWCEMFA]  9-29-93 1:32p    ED
5,062,834 bytes (2,899,968 bytes in 177 blocks allocated)
10 Files
8 Directories
The NLIST USER /A Command
Purpose: Used to view a list of users logged into the current NDS context.
Syntax: NLIST USER /A
Information Provided:
- The current NDS context.
- The user's connection number.
- The login name of the user.
- The network address.
- The network node.
- The time when the user logged in.
Example Command and Output:
F:\>NLIST USER /A
Searching: O=DBMAIN
Object Class: user
Current context: O=DBMAIN
Conn = The server connection number
* = The asterisk means this is your connection
User Name = The login name of the user
Address = The network address
Node = The network node
Login time= The time when the user logged in
User Name    Address      Node
--------------------------------------------------------
Admin        [ 1030000]   [ 1B1E436C]
ED           [ 1030000]   [ 1B1E436C]
Macan        [E0F0C94D]   [ 1B1E3D02]
*TODDH       [ 1030000]   [ 80C72EA562]
A total of 4 user objects was found in this context.
A total of 4 user objects was found.
The NLIST USER /B Command
Purpose: Used to view a list of users defined to the default or specified server.
Syntax: NLIST USER /B=[server name]
Information Provided:
- The default or specified server.
- The user login name.
- The full name of the user.
- The account is disabled status.
- The date the account will expire.
- The passwords are required setting.
- The date the password expires.
- The unique password required setting.
- The minimum password length.
- The maximum concurrent connections, 0 if no limit.
Example Command and Output:
F:\>NLIST USER /B=GEORGIE
Object Class: user
Known to Server: GEORGIE
Login name= The user login name
Full name = The full name of the user
Dis = Yes if the account is disabled
Expires = The date the account will expire
Pwd = Yes if passwords are required
Expires = The date the password expires
Uni = Yes if unique passwords are required
Min = The minimum password length
Conn = The maximum concurrent connections, 0 if no limit
Login Name    Dis  Expires   Pwd  Expires   Uni  Min  Conn
---------------------------------------------------------
SUPERVISOR    No   0-00-00   No   0-00-00   No   0    0
ADMIN         No   0-00-00   No   0-00-00   No   0    0
STASH         No   0-00-00   No   0-00-00   No   0    0
NEWUSER       No   12-25-93  No   0-00-00   No   0    2
KVANE         No   0-00-00   No   0-00-00   No   0    0
IAUDIT        No   0-00-00   No   0-00-00   No   0    0
KELCH         No   0-00-00   No   0-00-00   No   0    0
ISPY          No   0-00-00   No   0-00-00   No   5    0
JGOODGUY      No   0-00-00   No   1-05-93   No   6    0
MACAN         No   0-00-00   No   0-00-00   No   0    0
DBMAINADMIN   No   0-00-00   No   0-00-00   No   0    0
BLAKE         No   0-00-00   No   0-00-00   No   0    0
RICH          No   0-00-00   No   0-00-00   No   0    0
MARIA         No   0-00-00   No   0-00-00   No   0    0
GAMAL         No   0-00-00   No   0-00-00   No   0    0
KEN           No   0-00-00   No   0-00-00   No   0    0
TODDH         No   0-00-00   No   0-00-00   No   0    0
A total of 17 user objects was found on Preferred Server GEORGIE.
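An added example (not part of the original appendix and not Novell code): a Python script that parses a saved NLIST USER /B listing and reports accounts whose login restrictions an auditor would question. It assumes the listing was captured to text with whitespace-separated columns in the order shown above; the function names, the minimum-length threshold of 8, the two-digit-year rule and the sample rows are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample in the column layout of the listing above; the values
# are illustrative and are not a real capture.
SAMPLE = """\
Object Class: user
Known to Server: GEORGIE
Login Name    Dis  Expires   Pwd  Expires   Uni  Min  Conn
---------------------------------------------------------
SUPERVISOR    No   0-00-00   No   0-00-00   No   0    0
NEWUSER       No   12-25-93  No   0-00-00   No   0    2
ISPY          No   0-00-00   No   0-00-00   No   5    0
JGOODGUY      No   0-00-00   Yes  1-05-93   Yes  6    1
A total of 4 user objects was found on Preferred Server GEORGIE.
"""

DATE = r"\d{1,2}-\d{2}-\d{2}"
ROW_RE = re.compile(
    rf"^(?P<name>\S+)\s+(?P<dis>Yes|No)\s+(?P<acct>{DATE})\s+(?P<pwd>Yes|No)"
    rf"\s+(?P<pexp>{DATE})\s+(?P<uni>Yes|No)\s+(?P<min>\d+)\s+(?P<conn>\d+)$"
)
# Totals written as digits only; a total spelled out in words is not checked.
TOTAL_RE = re.compile(r"A total of (\d+) user objects? (?:was|were) found")


@dataclass
class Account:
    name: str
    disabled: bool
    account_expires: Optional[date]
    pwd_required: bool
    pwd_expires: Optional[date]
    unique_pwd: bool
    min_len: int
    max_conn: int          # 0 means no limit, per the column legend


def parse_date(text: str) -> Optional[date]:
    """0-00-00 means 'never'. Assumption: yy >= 80 is 19yy, otherwise 20yy."""
    month, day, year = (int(part) for part in text.split("-"))
    if month == 0:
        return None
    return date((1900 if year >= 80 else 2000) + year, month, day)


def parse_report(text: str) -> list:
    """Return the account rows; fail if the listing's own total disagrees."""
    accounts, declared = [], None
    for raw in text.splitlines():
        line = raw.strip()
        row = ROW_RE.match(line)
        if row:
            accounts.append(Account(
                name=row["name"], disabled=row["dis"] == "Yes",
                account_expires=parse_date(row["acct"]),
                pwd_required=row["pwd"] == "Yes",
                pwd_expires=parse_date(row["pexp"]),
                unique_pwd=row["uni"] == "Yes",
                min_len=int(row["min"]), max_conn=int(row["conn"])))
            continue
        total = TOTAL_RE.search(line)
        if total:
            declared = int(total.group(1))
    if declared is not None and declared != len(accounts):
        # A truncated or re-wrapped capture must not pass as a clean audit.
        raise ValueError(f"listing reports {declared} users, parsed {len(accounts)}")
    return accounts


def audit(accounts, min_len: int = 8) -> dict:
    """Map login name -> list of issues for every enabled account with issues."""
    findings = {}
    for acct in accounts:
        if acct.disabled:
            continue
        issues = []
        if not acct.pwd_required:
            issues.append("no password required")
        else:
            if acct.min_len < min_len:
                issues.append(f"minimum password length {acct.min_len} is below {min_len}")
            if not acct.unique_pwd:
                issues.append("unique passwords not enforced")
            if acct.pwd_expires is None:
                issues.append("password never expires")
        if acct.max_conn == 0:
            issues.append("unlimited concurrent connections")
        if issues:
            findings[acct.name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit(parse_report(SAMPLE)).items():
        print(f"{name}: {'; '.join(issues)}")
```
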
The RIGHTS /T Command
Purpose: Used to view the trustee list of a file or directory in the default or pathed directory.
Syntax: RIGHTS [path] /T
Information Provided:
File
- The file server and volume.
- The user trustees to the file.
- The user's trustee rights.
- The group trustees to the file.
- The group's trustee rights.
Directory
- The file server and volume.
- The user trustees to the directory.
- The user's trustee rights.
- The group trustees to the directory.
- The group's trustee rights.
Example Command and Output:
File
F:\TODDH>RIGHTS *.* /T
GEORGIE\SYS:TODDH\GL1231.DOC
User trustees:
CN=TODDH.O=DBMAIN [ R F ]
----------
No group trustees have been assigned.
Directory
F:\>RIGHTS /T
GEORGIE\SYS:PROD\ACCOUNT
User trustees:
CN=ISPY.O=DBMAIN [ R F ]
CN=Myron.O=DBMAIN [ R F ]
----------
Group trustees:
CN=ACCOUNTING.O=dbmain [ RW F ]
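An added example (not part of the original appendix and not Novell code): a Python script that reads saved RIGHTS /T output, decodes each trustee's rights mask and lists the assignments an auditor would want to confirm. It assumes the output was captured to text in the layout shown above; the function names, the escalation policy and the sample listing (including the full [SRWCEMFA] assignment) are constructed for illustration.

```python
import re
from typing import NamedTuple

# NetWare file-system rights letters, in the order they appear in a mask.
RIGHTS = {"S": "Supervisor", "R": "Read", "W": "Write", "C": "Create",
          "E": "Erase", "M": "Modify", "F": "File Scan", "A": "Access Control"}
# Policy assumption for this example: S implies every other right and A lets
# the holder change trustee assignments, so either one is rated "high".
ESCALATE = frozenset("SA")
CHANGE = frozenset("WCEM")      # rights that allow data to be altered

# Constructed sample in the layout of the RIGHTS /T output above.
SAMPLE = r"""
GEORGIE\SYS:TODDH\GL1231.DOC
User trustees:
CN=TODDH.O=DBMAIN [ R F ]
----------
No group trustees have been assigned.

GEORGIE\SYS:PROD\ACCOUNT
User trustees:
CN=ISPY.O=DBMAIN [ R F ]
CN=Myron.O=DBMAIN [SRWCEMFA]
----------
Group trustees:
CN=ACCOUNTING.O=dbmain [ RW F ]
"""

PATH_RE = re.compile(r"^[^\s\\:]+\\[^\s\\:]+:\S*$")      # SERVER\VOLUME:path
SECTION_RE = re.compile(r"^(User|Group) trustees:$", re.I)
ENTRY_RE = re.compile(r"^(.+?)\s*\[([^\]]*)\]$")           # name [mask]


class Trustee(NamedTuple):
    path: str
    kind: str            # "user" or "group"
    name: str
    rights: frozenset


def parse_mask(mask: str) -> frozenset:
    """Decode a mask such as ' RW F '; blanks and dashes mean 'not granted'."""
    letters = {ch for ch in mask.upper() if ch not in " -"}
    unknown = letters - RIGHTS.keys()
    if unknown:
        # Fail closed: an unrecognised letter means the capture is not what
        # this parser expects, so do not report it as a clean result.
        raise ValueError(f"unknown rights letters: {sorted(unknown)}")
    return frozenset(letters)


def parse_rights_listing(text: str) -> list:
    entries, path, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            path, kind = line, None
        elif (section := SECTION_RE.match(line)):
            kind = section.group(1).lower()
        elif (entry := ENTRY_RE.match(line)) and path and kind:
            entries.append(Trustee(path, kind, entry.group(1),
                                   parse_mask(entry.group(2))))
    return entries


def names(rights) -> str:
    """Spell out a set of rights letters in mask order."""
    return ", ".join(RIGHTS[ch] for ch in RIGHTS if ch in rights)


def review(entries) -> list:
    """Return (severity, path, trustee, rights) for assignments to confirm."""
    findings = []
    for entry in entries:
        if entry.rights & ESCALATE:
            findings.append(("high", entry.path, entry.name,
                             names(entry.rights & ESCALATE)))
        elif entry.rights & CHANGE:
            findings.append(("review", entry.path, entry.name,
                             names(entry.rights & CHANGE)))
    return findings


if __name__ == "__main__":
    for severity, path, trustee, rights in review(parse_rights_listing(SAMPLE)):
        print(f"{severity:6} {path}  {trustee}: {rights}")
```
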
The NLIST GROUP Command
Purpose: Used to view groups contained within the current NDS context.
Syntax: NLIST GROUP
Information Provided:
- The current NDS context.
- The group contained in the NDS context.
- The group description.
Example Command and Output:
F:\>NLIST GROUP
Searching: O=dbmain
Object Class: group
Current context: O=dbmain
Group name = The name of the group
Description= The description of the group
Group Name        Description
--------------------------------------
CN=ACCOUNTING
CN=FINANCE
Two group objects were found in this context.
Two group objects were found.
NLIST ORGANIZATION SHOW "LOGIN SCRIPT" Command
Purpose: Used to view the login scripts of organizations within the current NDS context.
Syntax: NLIST ORGANIZATION SHOW "LOGIN SCRIPT"
Information Provided:
- The current context.
- The organizations within the current context.
- The login script associated with each organization.
Example Command and Output:
F:\>NLIST ORGANIZATION SHOW "LOGIN SCRIPT"
Searching: [Root]
Current context: [Root]
Organization: O=DBMAIN
Login Script: map ins s1:=georgie_sys:\public
              map ins s3:=georgie_sys:\apps\pdox40
              map ins s16:=georgie_sys:\apps\wp60
              map H:=georgie_sys:\users\%LOGIN_NAME\PDOX
-------------------------------------------
Organization: O=Europe
Login Script: map ins s1:=georgie_sys:\public
-------------------------------------------
A total of 2 organization objects was found in this context.
A total of 2 organization objects was found.
The CX /T /ALL Command
Purpose: Used to view the NDS tree within the current NDS context.
Syntax: CX /T /ALL
Information Provided:
Directory Services Mapping
Example Command and Output:
F:\>CX /T /ALL
*** Directory Services Mapping ***
[Root]
O=DBMAIN
CN=DBDUDE
CN=Admin
CN=DBDUDE_SYS
CN=DBDUDE_VOL1
CN=mba
CN=Kelch
CN=Macan
CN=Blake
CN=Q3
OU=NEW1
CN=DbMainAdmin
CN=public
OU=new2
CN=USER_TEMPLATE
CN=glip
CN=TODDH
CN=HP2
CN=ACCOUNTING
CN=q4
O=US
OU=Audit
OU=Chicago
OU=GeorgeSYS
CN=ChiEE
OU=NewYork
CN=NYEE
CN=AuditAdmin
CN=public
OU=Tax
OU=Consulting
O=Europe
CN=EuropeAdmin
NLIST ORGANIZATION SHOW "DETECT INTRUDER" Command
Purpose: Used to view the "Detect Intruder" settings for organizations within the current NDS context.
Syntax: NLIST ORGANIZATION SHOW "DETECT INTRUDER"
Information Provided:
- The current context.
- The organizations found within the current context.
- The "Detect Intruder" settings associated with each organization.
Example Command and Output:
F:\>NLIST ORGANIZATION SHOW "DETECT INTRUDER"
Searching: [Root]
Current context: [Root]
Organization: O=DBMAIN
Detect Intruder: False
-------------------------------------------------
One organization object was found in this context.
One organization object was found.
The NLIST GROUP SHOW "MEMBER" Command
Purpose: Used to view the groups defined within the current NDS context and the members of each group.
Syntax: NLIST GROUP SHOW "MEMBER"
Information Provided:
- The current NDS context.
- The groups within the current NDS context.
- The group members associated with each group.
Example Command and Output:
F:\>NLIST GROUP SHOW "MEMBER"
Searching: O=dbmain
Object Class: group
Current context: O=dbmain
Name: CN=ACCOUNTING
Member: ED
Member: GAMAL
Member: KELCH
Member: STASH
Member: HEEMSOTH
One group object was found in this context.
One group object was found.
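RIGHTS /T shows that a group is a trustee, and NLIST GROUP SHOW "MEMBER" shows who is in the group; the audit question is which individual users end up with which rights. The following Python is an added example, not from the original AppNote or any Novell tool, that joins the two outputs shown in this appendix. It assumes groups can be matched on their CN alone and covers only the explicit trustee assignments on the one directory, not inherited rights, inherited rights filters or security equivalences.

```python
import re

# Constructed samples: the RIGHTS /T and NLIST GROUP SHOW "MEMBER" outputs
# shown in this appendix, laid out one entry per line.
RIGHTS_OUT = """\
GEORGIE\\SYS:PROD\\ACCOUNT
User trustees:
CN=ISPY.O=DBMAIN [ R F ]
CN=Myron.O=DBMAIN [ R F ]
----------
Group trustees:
CN=ACCOUNTING.O=dbmain [ RW F ]
"""
MEMBER_OUT = ("Name: CN=ACCOUNTING\nMember: ED\nMember: GAMAL\n"
              "Member: KELCH\nMember: STASH\nMember: HEEMSOTH\n")

TRUSTEE = re.compile(r"^CN=(?P<cn>[^.\s]+)\S*\s+\[(?P<rights>[A-Z ]*)\]\s*$")


def parse_trustees(text):
    """Return {'user': {cn: rights}, 'group': {cn: rights}} from RIGHTS /T output."""
    out, kind = {"user": {}, "group": {}}, None
    for line in text.splitlines():
        if line.lower().startswith(("user trustees", "group trustees")):
            kind = line.split()[0].lower()
        elif kind and (m := TRUSTEE.match(line.strip())):
            out[kind][m["cn"].upper()] = set(m["rights"].replace(" ", ""))
    return out


def parse_members(text):
    """Return {group_cn: [member, ...]} from NLIST GROUP SHOW "MEMBER" output."""
    groups, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Name":
            current = groups.setdefault(value.split("=", 1)[-1].upper(), [])
        elif key == "Member" and current is not None:
            current.append(value.upper())
    return groups


def trustee_rights_by_user(rights_text, member_text):
    """Union each user's direct rights with those granted through group trustees."""
    trustees, groups = parse_trustees(rights_text), parse_members(member_text)
    rights_by_user = {u: set(r) for u, r in trustees["user"].items()}
    for group, rights in trustees["group"].items():
        for member in groups.get(group, []):  # unknown group: no members listed
            rights_by_user.setdefault(member, set()).update(rights)
    return rights_by_user
```

For the sample data, the five ACCOUNTING members come out with R, W and F on SYS:PROD\ACCOUNT, while ISPY and Myron hold only R and F.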
* Originally published in Novell AppNotes