ASU Novell/Netware
Installation and Security

 Installation Guidelines

 Novell system administrators at ASU should follow the following naming conventions when installing a new Novell Netware server or peripherals that attach to a Netware server.

 Server Naming Conventions:
  • Server names should be meaningful. It is recommended that they contain the VP or college designation. Examples: VPSA_SIS1 or CEAS_ECS;
  • Internal IPX addresses should consist of the following information
  • Building number (2 digits)
  • Department Mail Code (4 digits)
  • Server number (2 digits – using HEX notation)
    Example: Server 45091201 is in building 45, mail code 0912, server 01.
  • Server IP naming convention will be used for organizational units.

 NDS Tree Naming Conventions:

Note: ASU provides a default NDS tree named "ASU"; contact Systems Integration and Management group in Information Technology for more information on joining this NDS tree.
  • Netware Directory Services (NDS) tree names should have "ASU" as the first part of the name followed by the VP or college designation. Examples:
    ASU_VPSA – for Vice President for Student Affairs NDS tree
    ASU_CEAS – for College of Engineering and Applied Sciences tree

 Peripheral Device Naming Conventions:
  • All peripheral devices that connect to a Netware server should use the VP or college designation as part of the name used on the network. Example: VPSA_SIS_HPDESKJET.

 Security:

 The following security guidelines are also recommended for Netware networks at ASU:

User Account Security

  • Require passwords for all user accounts;
  • Enforce LOGIN time restrictions and station restrictions where appropriate;
  • Assign the GUEST account a password;
  • Require minimum password length of six (6) characters;
  • Limit the number of concurrent connections for user accounts;
  • Force periodic password changes; e.g. every 90 days;
  • Require unique passwords.

 Supervisor/Admin Privileges
  • Limit the number of users with supervisor rights to server and NDS tree;
  • Don’t use supervisor ID except for application installation that requires such rights;
  • Use different accounts for supervisor equivalents (don’t assign supervisor equivalent rights to normally used user ID);
  • Set SUPERVISOR password for NEW 3.x installs (it has no password by default).

Operating System Security
  • Enable Packet Signatures option;
  • Enable Watchdog Timeouts;
  • Enable Advanced IPX/NLSP with RIP/SAP Compatibility (Netware 4.x);
  • Disable Set Allow Unencrypted Passwords;
  • Enable Intruder Detection Lockouts;
  • Remote console password should be different from Supervisor’s password;

Physical Security
  • Lock server console;
  • Remove DOS after server is loaded to prevent access to DOS partition;
  • Locate server in a secure location.

Miscellaneous:

  • Subscribe to the Novell-Q listserve (contact Jim@ASU.edu to be added to the list);
  • Participate in the ASU Novell Users Group;
  • Cooridinate NDS updates/upgrades with other system administrators on shared NDS trees;
  • When making signficant adds, moves and changes to NDS, servers or notify others by sending a note to Outages@ASU.edu and to Novell-Q@ASU.edu.

Send questions, comments, suggestions on this web page to Novell@ASU.edu

ASU Disclaimer | Page Last Updated: 7/1/98