[PLUG] NetWare & Linux?

Steven A. Adams stevea at nwtechops.com
Tue Apr 15 17:09:01 UTC 2003


On Tue, 2003-04-15 at 16:28, Paul Heinlein wrote:
> On Tue, 15 Apr 2003, Schlosser, Ryan wrote:
> 
> > Specific Netware feature(s) I'd like to see replicated elsewhere: 
> 
> [snip lots of good comments]
> 
> 3) Netware's security record. From what I can tell, there just aren't 
>    that many known vulnerabilities. It may be security through 'who 
>    cares?' -- but my hunch is that there's more to it than that.
> 
> --Paul Heinlein <heinlein at attbi.com>
> 

Novell, for the longest time, was a staunch supporter of the IPX
protocol. Only with Netware 5 did they finally get close to out of that
protocol and even then it was still - in most installations - required
internally to the server. Not connecting to an IP network with native IP
throws up a giant roadblock to those would-be crackers with an eye on
cnn.com. There were a few known exploits associated with the
BorderManager product (Novell's proxy/firewall product offering) but
they were short-lived since the folks in Provo jumped on those issues
straight away.

Also, the product followed a strict adherence to certain code practices.
For the most part there was only one compiler that would allow properly
built NLMs, and only those NLMs that were built on this compiler were
honored by the OS. For the life of me I can't remember the name of that
compiler (senior moment I guess). This practice put virus, worm and
root-kit(ish) code to a non-existent state on Netware - the compiler was
very expensive. I do know that they have backed off on that a little in
NW5 and up with the allowance for .DLL code (but there are still strict
code practices so not just any M$ junk DLL will run). Of course, all of
this just rat-holed Netware; who wants a server that requires this much
overhead to run applications?

Another thing that kept them tight was the BSD style of "install
nothing, give no rights". Adding users meant that the user had nothing
until you gave it rights. Adding the OS meant that it was a pristine
environment; you had a file server without permissions until you added
services and data.


-- 
Steven A. Adams <stevea at nwtechops.com>




