CSIS171-1

5 Types of security

1. Server console security, which controls access to the server console screen.

2. Login security, which consists of user accounts, passwords, login time restrictions, password restrictions, etc.

3. Printing security, which controls a user's ability to print.

4. File system security, which controls which files and directories a user or group of users can access.

5. NDS security, which controls access to NDS objects and the Directory.

Trustee-File system rights.

 

File system security as it applies to NDS

1. Trustee assignments

2. Inheritance of rights down the Tree.

3. Inheritance Rights Filter

4. Effective Rights

 

(trustee rights<explicit rights>)

+Inherited

-Filter

_________

Effective

 

 

IRF - Inherited Rights Filter

 

__________________________________

NetWare has no drive letters; it has volumes.

Mapping volumes-

 

FILE SYSTEM SECURITY

 

Trustee Rights

 - Assigned to users, groups, containers, etc.

 - Controls what a trustee can or cannot do to a file or a directory.

 - Inherited unless blocked by an IRF

 - Cumulative

    If Group A has (RF) and Group B has (WCE), that user's effective rights would be (RFWCE).

W.RFACES

TRUSTEE File System RIGHTS

Read - R - Reads files and directories in the directory. Reads contents of the file.

Write - W - Change the contents of the file and directories

Erase - E - Delete that directory

Create - C - Create new subdirectories and files. Salvage a file if deleted.

Modify - M - Rename file or change attributes of a file. Change the name and directory and file attributes.

File Scan - F - See the names of files and subdirectories within a directory. See the name of the file within a directory.

Access Control - A - Modify the trustee of that file

Supervisor - S - Grants all rights; cannot be blocked by an IRF.

 

File Attributes

 - Similar to DOS attributes but more extensive

 - Controls access to a file or directory regardless of the user or groups accessing the file (i.e. applies to everyone)

 

IRF - Inherited Rights Filter

***States what is passed NOT what will be blocked***
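
The rules above (cumulative trustee rights, inheritance down the tree, an IRF that passes only what it lists, Supervisor immune to the IRF) worked through in Python. This is an added example, not part of the original notes; the directory names, GroupA/GroupB, and the rule that an explicit assignment replaces what that same trustee inherited are assumptions of the example.

```python
# Added example (not from the course notes): NetWare-style effective rights.
ORDER = "SRWCEMFA"   # Supervisor, Read, Write, Create, Erase, Modify, File Scan, Access Control
ALL_RIGHTS = frozenset(ORDER)

def parse(rights):
    """Turn a rights string such as "RF" into a set, rejecting unknown letters."""
    r = frozenset(rights.upper())
    if r - ALL_RIGHTS:
        raise ValueError(f"unknown rights: {sorted(r - ALL_RIGHTS)}")
    return r

def effective_rights(levels, trustees):
    """
    levels:   directories from the volume root down to the target. Each is a
              dict with optional "irf" (rights allowed to pass down; default
              all) and "assign" (explicit trustee assignments made there).
    trustees: the user plus every group/container whose rights the user gets.
    """
    held = {t: frozenset() for t in trustees}
    for level in levels:
        irf = parse(level.get("irf", ORDER))
        explicit = level.get("assign", {})
        for t in trustees:
            sticky = held[t] & {"S"}       # Supervisor is never filtered out
            if t in explicit:
                # Assumption: an explicit assignment replaces what this
                # same trustee inherited from higher up.
                held[t] = parse(explicit[t]) | sticky
            else:
                # The IRF lists what passes; anything not listed is dropped.
                held[t] = (held[t] & irf) | sticky
    total = frozenset().union(*held.values())   # rights are cumulative
    if "S" in total:
        total = ALL_RIGHTS                       # Supervisor grants all
    return "".join(r for r in ORDER if r in total)

# Constructed sample tree: volume root -> SHARED -> REPORTS (hypothetical names)
LEVELS = [
    {"assign": {"GroupA": "RF", "GroupB": "WCE"}},  # volume root
    {"irf": "RF"},                                   # SHARED passes only R and F
    {"assign": {"dougf": "RWF"}},                    # REPORTS: explicit user grant
]
WHO = ["dougf", "GroupA", "GroupB"]

if __name__ == "__main__":
    for depth in range(1, len(LEVELS) + 1):
        print(depth, effective_rights(LEVELS[:depth], WHO))
```

At the volume root the user holds the union of both groups' rights; one level down the IRF strips everything except R and F, which is how a filter listing few rights ends up blocking most of them.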

 

INTRUDER DETECTION

 - Protects against password guessing. After a set number of grace login attempts, a user account will be disabled for a variable amount of time.

 -

 

 

 

LOGIN SCRIPTS

 

*Set up the workstation user environment after a successful login, including:

 - Mapping drives

 - Capturing printers

 - Running programs

 

*Has become less important with the advent of non-DOS-reliant OSes (Win 9x, 2k, XP)

 

*Four Types

 - Container

 - Profile

 - User

 - Default

 

*Order

 - Container

 - Profile

 - User

 - Default

 

*Settings made in the higher login script can be overwritten in a lower-level login script

 

 

CONTAINER LOGIN SCRIPT

*Applies to all users in the immediate container; container login scripts are not INHERITED

*Used to establish common drive mappings, captures, etc.

 

 

PROFILE LOGIN SCRIPT

*Profile login scripts are similar to container login scripts in that they can apply to multiple users, but profile login scripts can apply to users in different containers.

 

***Profile object needs to be created first.***

***Each user can only be associated with one profile***

 

 

USER LOGIN SCRIPT

*Contains settings for a specific user

*Try to avoid using user-specific login scripts

 - Try to put all common settings in container or profile login scripts

 - Using user login scripts adds to the complexity of troubleshooting, especially in larger environments.

 

***User login script will overwrite container or profile login scripts.***

 

DRIVE MAPPINGS

-Associates a NetWare path to DOS, Windows-based drive letter

 

-Some older DOS and Windows programs, that do not support UNC paths, will require drive letters to work

 

-Drive letters can also be used to simplify file management for end users

EXAMPLE

map g:=class-fs-2/users:\dougf

map root h:=class-fs-2/users:\dougf

map n class-fs-2/apps:

 

map del g:

 

map

 

SEARCHING MAP DRIVES

-Same as normal drive mapping, except that it adds the mapped path to the DOS search path

 

-Not as important in non-DOS environments

 

Example:


map s1:=class-fs-2/sys:\public
map ins s1:=class-fs-2/sys:\public
map del s1:

 

 

CSIS171-2


NETWARE FILESYS REFERENCE

-NetWare like most non-Microsoft operating systems does not use drive letters to reference its file system

-NetWare uses volumes as the top of its directory structure

-Below the volume level, the file system is similar to that of Microsoft: directories, and subdirectories within directories

 

UNC PATHING

Universal Naming Convention

Works on all “current” Microsoft operating systems:

Windows 95/98/Me

Windows NT/2000 (Workstation and Server)

Windows XP (Workstation and Server)

Independent of drive letters

 

EXAMPLES

UNC Path


\\Server\Volume\directory\subdirectory\subdirectory

 

 

\\class-fs-2\apps\msoff2k

 

 

\\class-fs-2\data\budgets

 

NetWare File System Reference

NetWare Specific


Server/Volume:\directory\subdirectory\subdirectory

 

UNC Path


\\Server\Volume\directory\subdirectory\subdirectory

 

Example:

\\class-fs-2\apps\msoff2k

 

 

 

PRINTER CAPTURING

-Redirects a local parallel port to a network printer queue

-Applications can continue to send print jobs to lpt1, but the Novell client software will “capture” and redirect the print job to the server.  The server then sends the job to the printer.

 

-Has become less important with the advent of non-DOS reliant operating systems (Win 9x, NT, 2000, XP)