Text File | 1994-08-12 | 11KB | 225 lines
Chapter 1
PROTEC NET Overview
PROTEC NET for Novell NetWare extends security
from the file server down to the workstation. It
is designed to protect workstations from
unauthorized access and to limit or prohibit
access to sensitive information located on the
workstation. Specifically, security may be
configured to prevent accidental or malicious
deletion, software and information piracy, and
unauthorized manipulation of data in memory or on
disk. At the same time, it tracks DOS and PROTEC
NET events, providing detailed audit reports of
workstation activity.

To provide security while minimizing
administration overhead, PROTEC NET integrates
closely with Novell NetWare and makes use of its
groups, users and passwords. Further, PROTEC NET
deploys all workstation security centrally from
the workstation's Security Server. A Security
Server is a file server that contains all programs
and data needed by PROTEC NET to configure and
install workstation security.

Supervisors set access rights for workstations
within PROTEC NET using NetWare groups. As in
Novell NetWare, users may be assigned to multiple
groups, and any modification to a group affects
only its users, which keeps modification and
installation of security simple.

Once PROTEC NET is installed onto a workstation,
a user can access that workstation and any
available servers only through PROTEC NET's Login
screen. Users are required to sign onto a PROTEC
NET workstation using their Novell NetWare user
name and password. Once the user is verified as
an authorized NetWare user, PROTEC NET allows
access to the workstation and its resources if
the user has been granted permission to do so.
============================================
Users, Groups and Group Access Permissions
============================================
There are two types of users: supervisors and
users. A supervisor is the NetWare supervisor or
a user with supervisor security "equivalence" as
defined through Novell NetWare, and is allowed
access to any PROTEC NET workstation. Supervisors
are responsible for configuring workstation
security. Users, groups and passwords are not
managed by PROTEC NET. Instead, supervisors must
install users, groups and passwords through
NetWare's Syscon utility.

Any user who can access a PROTEC NET workstation
must be installed as a NetWare user of a Security
Server. The server containing a user's
workstation privileges is designated as that
user's Primary Server. PROTEC NET uses the
Primary Server to retrieve a user's access rights
during signon. Each user, excluding a supervisor,
must be assigned a Primary Server to gain access
to a PROTEC NET workstation. If a user is
assigned a Primary Server but does not belong to
a NetWare group on the server, he is allowed full
access to the workstation. Refer to Maintaining a
Secure System for information on protecting the
Security Server.

Once a user is established as a NetWare user,
user security can be defined through the Security
program, PSECURE.EXE. User security for
workstations is organized through NetWare groups.
Users must be assigned to a Novell NetWare group
to limit access to a workstation. These access
rights are called Group Access Permissions. If
needed, multiple groups may be created within
NetWare to define workstation security. For
information on configuring Group Access
Permissions, refer to User Security and How
Permissions are Evaluated.

When installed, PROTEC NET automatically installs
the group PROTEC_GROUP and the user PROTEC_USER
into the Security Server. All users must belong to
the PROTEC_GROUP so that PROTEC NET may record
user activity and update user and workstation
security properly. The PROTEC_USER assists PROTEC
NET with password synchronization between multiple
servers. Neither the PROTEC_USER nor the
PROTEC_GROUP should be deleted. If either has
been removed, refer to PRIMSRVR.EXE for
instructions on reinstallation.
=========================================
Security Servers and Password Management
=========================================
A Security Server is a file server that contains
all programs, data and login script modifications
needed by PROTEC NET to configure and install
workstation security. The term Security Server
does not imply that the server is designated for
PROTEC NET use only. PROTEC NET must be installed
on each server whose users sign onto a PROTEC NET
workstation.

Each Security Server records every workstation's
network address and provides programs to
administer workstation security centrally. PROTEC
NET uses NetWare's System Login Script to aid in
this task. PROTEC NET inserts its administrative
programs, the NET Script programs, into the
System Login Script. Each time a user logs onto
the system, the NET Script programs ensure the
workstation resources have been recorded, and
install or update security as scheduled. As
defined by NetWare, only supervisors may modify
the System Login Script. For information on the
System Login Script modifications, refer to
Server Installation.

Further, PROTEC NET supplies its own set of Login
programs: LOGIN.EXE, LOGOUT.EXE and MAP.EXE.
These programs are Novell NetWare compatible but
have been created to be PROTEC NET "aware."
Specifically, LOGIN.EXE interprets additional
login script commands that minimize password
management between file servers. Passwords may be
synchronized from one file server to another and
passed automatically between servers using its
synchronization, single signon and attach
commands. PROTEC NET's single signon command
allows users to attach to other servers without
having to specify a user's name and password
within a user login script.

Other PROTEC NET script commands are provided to
assist in security setup. Refer to Login Commands
for Novell NetWare for more information.
==================
How Security Works
==================
This section assumes that a Security Server has
been established and the NetWare System Login
Script has been modified properly to include
PROTEC NET Script programs. When a user signs
onto the Security Server for the first time,
PROTEC NET records the workstation's network
address and creates a directory tree of resources.
Once the network address is recorded, the
supervisor may schedule PROTEC NET to be installed
onto the workstation using the Security program
PSECURE.EXE.

Once PROTEC NET is installed onto a workstation,
a user must log onto PROTEC NET before gaining
access to the workstation. Such a workstation is
referred to as a PROTEC NET workstation. The user
is required to specify his Primary Server and to
enter the user name and password associated with
it. If a user has not been assigned a Primary
Server, he may not access any PROTEC NET
workstation.

A PROTEC NET workstation remains an Open system
until a supervisor restricts access. This design
is intended to make workstation installation
transparent to the user while security is
configured in the background by a supervisor.
Since the system is Open, you may want to review
the information provided in Maintaining a Secure
System.

Once a user is verified as an authorized user,
PROTEC NET configures permissions for the user and
executes NetWare's System and user login scripts.
This means that each NET Script program runs and
performs the necessary security functions
scheduled by a supervisor each time the user logs
onto the workstation, thereby maintaining a secure
workstation. If a user logs off the network using
LOGOFF.EXE, workstation permissions remain in
effect until a new user signs on at the PROTEC NET
Login screen or the system is rebooted.
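
The signon rules stated in this chapter can be applied to a user listing to find accounts that end up with full workstation access. The Python sketch below is an added example, not part of PROTEC NET or its manual. The `User` record, the `restricting_groups` set (groups for which a supervisor has configured Group Access Permissions) and the sample accounts are constructed assumptions, and it does not model how permissions from several groups are combined.

```python
# Added example: classify signon outcomes from the rules stated in this chapter.
from dataclasses import dataclass, field
from typing import Optional

PROTEC_GROUP = "PROTEC_GROUP"  # the chapter says every user must belong to it

@dataclass
class User:  # hypothetical record, e.g. built from a Syscon user listing
    name: str
    supervisor_equiv: bool = False        # supervisor or supervisor equivalence
    primary_server: Optional[str] = None  # None = no Primary Server assigned
    groups: set = field(default_factory=set)  # memberships on the Primary Server

def signon_outcome(user, restricting_groups):
    """Return (outcome, reason) for a signon at a PROTEC NET workstation."""
    if user.supervisor_equiv:
        return "FULL", "supervisor"
    if user.primary_server is None:
        return "DENIED", "no Primary Server assigned"
    applied = user.groups & restricting_groups
    if not applied:
        # Assumption: only groups with configured permissions restrict a user.
        return "FULL", "no group with Group Access Permissions"
    return "RESTRICTED", "via " + ", ".join(sorted(applied))

def audit(users, restricting_groups):
    """List accounts a supervisor should review before relying on the setup."""
    findings = []
    for u in users:
        outcome, reason = signon_outcome(u, restricting_groups)
        if outcome == "FULL" and not u.supervisor_equiv:
            findings.append((u.name, "full workstation access: " + reason))
        if outcome != "DENIED" and PROTEC_GROUP not in u.groups:
            findings.append((u.name, "not a member of " + PROTEC_GROUP))
    return findings

# Constructed sample accounts and groups (not from the manual).
SAMPLE_USERS = [
    User("ADMIN", supervisor_equiv=True, groups={PROTEC_GROUP}),
    User("JSMITH", primary_server="FS1", groups={PROTEC_GROUP, "ACCOUNTING"}),
    User("TEMP01", primary_server="FS1", groups={PROTEC_GROUP}),
    User("BLEE", primary_server="FS1", groups={"ACCOUNTING"}),
    User("GUEST"),
]
RESTRICTING = {"ACCOUNTING"}  # groups with Group Access Permissions configured

if __name__ == "__main__":
    for name, issue in audit(SAMPLE_USERS, RESTRICTING):
        print(f"{name}: {issue}")
```
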
===============================
Workstation Security Flow Chart
===============================
This chart displays how workstation security is
maintained after PROTEC NET is installed onto the
workstation, assuming NetWare's System Login
Script has been modified to include PROTEC NET
Script programs.