Data Security

The whole point of eDirectory-based security concepts such as authentication and authorization is to provide a secure environment within which data can be used and protected. The mantra of the 21st century is "information is power," and you want to be sure you aren't sharing your competitive advantage with your competitors.

NetWare 6.5 leverages eDirectory to extend the idea of authorization to the server file system. The NetWare file system is manageable through the Server, Volume, Folder, and File objects in eDirectory. In this way, you can manage file access through the same tools used to manage the rest of your network.

You can implement two types of security tools in the file system, either together or separately, to protect your files:

  • Trustee rights: These are equivalent to entry rights for eDirectory objects. Trustee rights define the possible actions that can be taken with Volume, Folder, and File objects, and who or what can perform those actions.

  • Attributes: Unlike trustee rights, which define acceptable behavior for different users and groups, attributes define the characteristics of individual Volume, Folder, or File objects. Because attributes trump trustee rights, they control the activities of all users, regardless of which trustee rights are assigned.

File System Trustee Rights

File system trustee rights allow users and groups to work with files and directories in specific ways. Each right determines whether a user can do things such as see, read, change, rename, or delete the file or directory. File system rights obey inheritance rules just like directory rights. When rights are assigned to a file, they define a user's allowable actions for that file only. When rights are assigned to a directory, they affect a user's allowable actions on not only the directory itself but also everything stored within that directory.

Although file system rights are similar in nature to the eDirectory rights for objects and properties (described earlier in this chapter), they are not the same thing. File system rights are separate from eDirectory rights. They affect only how users work with files and directories. eDirectory rights affect how users work with other eDirectory objects.

There are eight file system trustee rights. You can assign any combination of those file system rights to a user or group, depending on how you want that user or group to work.

Table 6.4 describes the available file system rights and how they affect directory and file access.

Table 6.4. File System Rights

| FILE SYSTEM RIGHT | ABBREVIATION | DESCRIPTION |
|---|---|---|
| Read | R | Directory: Allows the trustee to open and read files in the directory. File: Allows the trustee to open and read the file. |
| Write | W | Directory: Allows the trustee to open and write to (change) files in the directory. File: Allows the trustee to open and write to the file. |
| Create | C | Directory: Allows the trustee to create subdirectories and files in the directory. File: Allows the trustee to salvage the file if it was deleted. |
| Erase | E | Directory: Allows the trustee to delete the directory and its files and subdirectories. File: Allows the trustee to delete the file. |
| Modify | M | Directory: Allows the trustee to change the name, directory attributes, and file attributes of the directory and its files and subdirectories. File: Allows the trustee to change the file's name or file attributes. |
| File Scan | F | Directory: Allows the trustee to see the names of the files and subdirectories within the directory. File: Allows the trustee to see the name of the file. |
| Access Control | A | Directory: Allows the trustee to change the directory's IRF and trustee assignments. File: Allows the trustee to change the file's IRF and trustee assignments. |
| Supervisor | S | Directory: Grants the trustee all rights to the directory, its files, and its subdirectories. It cannot be blocked by an IRF. File: Grants the trustee all rights to the file. It cannot be blocked by an IRF. |

Note that an explicit Supervisor right can be added or removed only at the entry point to the file system (where you go from directory object to file system object).

Inheriting File System Rights

Just like eDirectory rights, file system rights can be inherited. This means that if you have file system rights to a parent directory, you can also inherit those rights and exercise them in any file and subdirectory within that directory. Inheritance keeps you from having to grant users file system rights at every level of the file system.

You can block inheritance by removing the right from the IRF of a file or subdirectory. As with directory objects, every directory and file has an inherited rights filter, specifying which file system rights can be inherited from a parent directory. By default, file and directory IRFs allow all rights to be inherited.

Inheritance can also be blocked by granting a new set of trustee rights to a subdirectory or file within the parent directory. As with the eDirectory rights, inherited and explicit file system rights are not cumulative. Explicit assignments replace the inherited rights from a parent directory.

File System Security Equivalence

Security equivalence for file system rights works the same way as security equivalence for eDirectory rights (explained earlier in this chapter). You can assign one user to have the same eDirectory rights and file system rights as another user by using the Security Equal To Me tab in an object's properties page.

NOTE

Remember: You are still subject to the shortcomings of security equivalence as described previously.


File System Effective Rights

Just as with eDirectory rights, determining which file system rights a user can actually exercise in a file or directory can be confusing at first. A user's effective file system rights are the file system rights that the user can ultimately execute in a given directory or file. The user's effective rights to a directory or file are determined in one of two ways:

  • A user's inherited rights from a parent directory, minus any rights blocked by the subdirectory's (or file's) IRF

  • The sum of all rights granted to the user for that directory or file through direct trustee assignment and security equivalences to other users
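The two rules above can be walked down a directory path to audit who ends up with which rights. The following Python sketch is an added example, not part of the handbook or of any Novell tool; it models only what this section states (inheritance, IRFs, explicit assignments, security equivalence, Supervisor), and the volume, directory, and user names are constructed.

```python
# Added example. Rights letters follow Table 6.4; the tree, user names and
# trustee assignments are constructed sample data.
ALL = frozenset("SRWCEMFA")

class Node:
    def __init__(self, name, parent=None, irf=ALL, trustees=None):
        self.name, self.parent = name, parent
        self.irf = frozenset(irf)        # rights allowed to flow in from the parent
        self.trustees = trustees or {}   # identity -> explicit rights granted here

def effective_rights(node, user, equivalents=()):
    """Rights `user` (plus security equivalences) can exercise at `node`."""
    identities = {user, *equivalents}
    path = []
    while node:                          # collect the path, then walk root -> node
        path.append(node)
        node = node.parent
    rights = frozenset()
    for n in reversed(path):
        explicit = [frozenset(r) for who, r in n.trustees.items() if who in identities]
        supervisor = rights & {"S"}      # an IRF cannot block Supervisor
        if explicit:
            # Explicit assignments replace inherited rights and sum with each other.
            # Keeping an inherited S here is this example's assumption.
            rights = frozenset().union(*explicit) | supervisor
        else:
            rights = (rights & n.irf) | supervisor
        if "S" in rights:
            rights = ALL                 # Supervisor grants every right
    return rights

def who_can_reassign(node, users):
    """Users holding Access Control (or Supervisor) at `node`."""
    return sorted(u for u in users if "A" in effective_rights(node, u))

ROOT = Node("DATA:", trustees={"jdoe": "RWCEMF", "admin2": "S"})
HR = Node("HR", ROOT, irf="RF")
PAYROLL = Node("PAYROLL", HR, trustees={"jdoe": "R", "payroll_mgr": "RWF"})
Q1 = Node("Q1.XLS", PAYROLL, irf="R")

if __name__ == "__main__":
    for n in (HR, PAYROLL, Q1):
        print(n.name, "".join(sorted(effective_rights(n, "jdoe", ["payroll_mgr"]))))
```

The who_can_reassign helper is the review a defender usually wants first: anyone it returns can rewrite the IRF and trustee list at that point in the tree.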

Working with File System Trustee Rights

iManager can't yet take you into the NetWare file system. You can assign rights at the volume level, but not at the directory or file level. Use ConsoleOne to work with file system rights. To see or change a user's trustee assignments, complete the following steps:

  1. Launch ConsoleOne and browse to the point in the file system (volume, folder, or file) with which you want to work.

  2. Right-click the folder/file and select Properties. Select the Trustees tab.

  3. Click Effective Rights. Browse to the User object for which you want to view file system rights and click OK.

  4. The user's effective rights will be listed in black type, as shown in Figure 6.10.

    Figure 6.10. Working with file system trustee rights in ConsoleOne.


You can make a user a trustee of a File System object by doing the following:

  1. From the Trustees page, click Add Trustee. Browse to the desired User object and click OK.

  2. Check those explicit file system rights that you want to grant the user and click OK.

If the user is already a trustee, simply highlight the appropriate User object in the Trustees window and perform step 2.

Changes to explicit security equivalence are done using the same process described previously in the "Authorization" section of this chapter.

File and Directory Attributes

Another important NetWare security tool for securing files and directories is attributes. Attributes are properties of files and directories that control what can happen to those files or directories. Attributes, which are also called flags, are different from trustee rights in several ways:

  • Attributes are assigned directly to files and directories, whereas rights are assigned to users.

  • Attributes override rights. In other words, if a directory has the Delete Inhibit attribute, you can't delete the directory even if you've been granted the Erase right.

  • Likewise, attributes don't grant rights. Just because a file has the read-write attribute doesn't mean you can write to it if you don't have the Write right.

  • Attributes affect all users, including the Admin user.

  • Attributes affect some aspects of the file that rights do not, such as determining whether the files in a directory can be purged immediately upon deletion.

Knowing these distinctions between file attributes and trustee rights will help you better understand the behavior of the NetWare file system.

File and Directory Attribute Types

There are eight attributes that apply to either files or directories. There are an additional six that apply only to files. These attributes are listed in Table 6.5.

Table 6.5. File and Directory Attributes

| ATTRIBUTE | FILE | DIRECTORY | DESCRIPTION |
|---|---|---|---|
| Archive needed | X | | Indicates that the file has been changed since the last time it was backed up. |
| Execute-only | X | | Prevents an executable file from being copied, modified, or deleted. Use with caution! Once assigned, it cannot be removed, so assign it only if you have a backup copy of the file. You may prefer to assign the Read-only attribute instead of the Execute-only attribute. |
| Read-only | X | | Allows the file to be opened and read, but not modified. All NetWare files in SYS:SYSTEM, SYS:PUBLIC, and SYS:LOGIN are read-only. Assigning the Read-only attribute automatically assigns delete inhibit and rename inhibit. |
| Sharable | X | | Allows the file to be used by more than one user simultaneously. Useful for utilities, commands, applications, and some database files. All NetWare files in SYS:SYSTEM, SYS:PUBLIC, and SYS:LOGIN are shareable. Most data and work files should not be shareable, so that users' changes do not conflict. |
| Hidden | X | X | Hides the file or directory so it isn't listed by the DOS DIR command or in the Windows File Manager and can't be copied or deleted. |
| System | X | X | Indicates a system directory that might contain system files (such as DOS files). Prevents users from seeing, copying, or deleting the directory. (However, does not assign the System attribute to the files in the directory.) |
| Transactional | X | | When used on database files, allows NetWare's Transaction Tracking System (TTS) to protect the files from being corrupted if the transaction is interrupted. |
| Purge immediate | X | X | Purges the file or directory immediately upon deletion. Purged files can't be salvaged. |
| Delete inhibit | X | X | Prevents users from deleting the file or directory. |
| Rename inhibit | X | X | Prevents users from renaming the file or directory. |
| Don't migrate | X | X | Prevents a file or directory from being migrated to another storage device. |
| Immediate compress | X | X | Compresses the file or directory immediately. |
| Don't compress | X | X | Prevents the file or directory from being compressed. |
| Don't suballocate | X | | Prevents a file from being suballocated. Use on files, such as some database files, that need to be enlarged or appended to frequently. (See Chapter 8 for information on block suballocation.) |

Assigning File and Directory Attributes

To assign attributes to a file or directory, complete the following steps:

  1. Launch ConsoleOne and browse to the folder or file with which you want to work.

  2. Right-click the object and select Properties.

  3. Select the Attributes tab, which is shown in Figure 6.11. Check the desired attributes and select OK to accept your changes.

    Figure 6.11. Working with the file and folder attributes in ConsoleOne.


There are three File Status boxes on the Attributes page. These are informational and indicate the following:

  • File Compressed: Indicates whether the selected file or folder is stored in a compressed format on the NetWare volume.

  • Can't Compress: Indicates that compressing the selected file would not achieve any significant space savings.

  • File Migrated: Indicates that the selected file has been moved to a secondary storage system, such as tape.

Login Scripts

One other point of interaction between directory and file system is the login script. The eDirectory login script is a batch file that outlines basic operations that should be performed every time the user logs in to the network. Login script operations can include environment variables, drive mappings, program execution, and message display. Details of login script operation and configuration are available in Appendix B.

NCP Packet Signature

NCP Packet Signature is a feature designed to prevent a would-be hacker from spoofing a network connection. Spoofing involves hijacking a connection by forging network packets that appear to be from a legitimate user connection. This feature requires workstations and servers to automatically "sign" each NCP packet with a signature and to change the signature for every packet.

Packet Signature is an optional security feature and can slow down network performance on busy networks. Because spoofing requires access to a physical network connection, you might prefer not to use packet signatures if your network is in a relatively trusted environment, or if the threat of intruders stealing sensitive information is low.

There are four levels of NCP Packet Signature, which must be set on both workstations and servers. If the levels on the workstation and server don't form an allowable combination, the two computers will not be able to communicate with each other.

To set the signature level on a server, launch NoRM and select Set Parameters in the left navigation frame. Select NCP in the right frame. Look for NCP Packet Signature Option. You can also set the packet signature level from the server console prompt by typing:

 
    SET NCP PACKET SIGNATURE OPTION=number

Replace number with the signature level (0 through 3) you want the server to use. After the server has been booted, you can execute the SET command to increase the signature level. If you want to decrease the level, however, you have to reboot the server. Table 6.6 shows the NCP Packet Signature levels.

Table 6.6. Server Levels for NCP Packet Signature

| LEVEL | DESCRIPTION |
|---|---|
| 0 | Does not sign packets |
| 1 | Signs packets only if so requested by other entity |
| 2 | Prefers to sign packets, but will still communicate with an entity that cannot sign |
| 3 | Both entities must sign packets |

To set the signature level on a Windows workstation, complete the following steps:

  1. Right-click the red N in the system tray and select Novell Client Properties.

  2. Select the Advanced Settings tab and browse to Signature Level.

  3. Select the appropriate level, 0 through 3, and click OK to save your changes.

Figure 6.12 shows how the signature levels on servers and workstations combine to either allow unsigned packets, force signed packets, or deny login.

Figure 6.12. Packet signature interactions between server and client.
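
The outcome for any server/client pair can be worked out from the level descriptions in Table 6.6, which makes it practical to check an inventory for pairs that cannot log in or that still exchange unsigned packets. This Python sketch is an added example, not part of the handbook; the host names and configured levels are constructed.

```python
# Added example: outcome of an NCP Packet Signature negotiation, derived from
# the level descriptions in Table 6.6. Host names and levels are constructed.
def negotiate(server_level, client_level):
    """Return 'signed', 'unsigned' or 'no-login' for a server/client pair."""
    for lvl in (server_level, client_level):
        if lvl not in (0, 1, 2, 3):
            raise ValueError(f"invalid signature level: {lvl!r}")
    lo, hi = sorted((server_level, client_level))
    if hi == 3 and lo == 0:
        return "no-login"   # one side requires signing, the other never signs
    if lo >= 1 and hi >= 2:
        return "signed"     # both can sign and at least one side asks for it
    return "unsigned"       # nobody asks, or the peer cannot sign

def audit(servers, clients):
    """List every pair that cannot log in or that exchanges unsigned packets."""
    findings = []
    for sname, slvl in sorted(servers.items()):
        for cname, clvl in sorted(clients.items()):
            outcome = negotiate(slvl, clvl)
            if outcome != "signed":
                findings.append((sname, cname, outcome))
    return findings

# Constructed inventory: configured signature level per host.
SERVERS = {"FS1": 3, "FS2": 1}
CLIENTS = {"WS-LEGACY": 0, "WS-DEFAULT": 1, "WS-HARD": 3}

if __name__ == "__main__":
    for finding in audit(SERVERS, CLIENTS):
        print(*finding)
```

Two hosts both left at level 1 never sign, because neither side requests it; raising either one to level 2 or 3 is what turns signing on for that pair.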




Novell NetWare 6.5 Administrator's Handbook
ISBN: 0789729849
EAN: 2147483647
Year: 2002
Pages: 172
