How to Secure a NetWare Server
A network is two or more computers and/or network devices (e.g., printer, switch, hub, router) connected to the Internet or a LAN. Because the NetWare server is connected to the Internet or to a local or wide area network, the emphasis for securing the data on this server is placed on physical security of the server, controlling access to the data directory, and protecting the data from unauthorized access across the wire.
The following are recommended steps for securing sensitive data stored on a NetWare server. Because each environment is different, your server administrator should test these steps before implementing them on a production server! Most enterprise-wide servers are managed by highly trained professionals, so some or all of these steps may already be implemented. If your network administrator is not able or willing to implement any of the following steps, simply state the reason in the accompanying form to describe your security plan.
Physical Security of a Server on a Network
- Secure the server on which your sensitive data resides in a locked room to which only authorized users have access.
Controlling Access to the Data
- Enable and password-protect the screen saver on the desktop computer and set it to activate after three minutes of inactivity.
- Create a separate NSS volume on which to store your
  - Turn Data Shredding on
  - Turn Salvage off
  - Do not back up this NSS volume
- Restrict access to your sensitive data to project personnel using the security features available via the operating system (e.g., login via userid/password and eDIR trustee assignments).
- Limit access to data directories to authorized personnel on site (i.e., no access from off site).
- Require strong passwords. (Note the vulnerabilities of accounts with no passwords or weak passwords.)
Protecting the Data from Unauthorized Access Across the Wire
The following are additional minimum steps you should take to secure your sensitive data on a server running NetWare 5 or 6 if the server is connected to the Internet or a network. (Be sure to test the following steps before implementing on a production server!)
- Turn off all unneeded services and disable unneeded network protocols.
- Disable the guest and anonymous accounts or assign secure passwords to these accounts.
- Create a new userid for administrative purposes or rename the admin userid.
- Install and maintain all OS and application security patches.
- Install antivirus software and keep the virus definition files updated.
- Configure your analysis software to point temporary work files to the encrypted sensitive data directory.
- Enable auditing.
  - Audit login success and failure.
  - Audit failed attempts at exercising user privileges.
- Restrict access to the log files to administrator only.
- Check your logs often!
- Verify that various admin accounts (e.g., antivirus, backup, and UPS management accounts) have secure passwords.
- Do not copy or move your sensitive data out of the secured directory for any reason.