A Comparison of the Security Architectures of NT 4.0 & Novell 4.11


COSC573
Instructor: Professor Anvari
Student: Shen Zhong
ID#: 91871
Summer semester, 1999
Washington, D.C.
A Comparison of the Security Architectures of
Microsoft Windows NT 4.0 and Novell IntranetWare 4.11
Architecture Overview
The Network Client Workstation Architecture
Network Client Workstation Security Requirements
Network Client Architecture Comparison
File Server Architecture
File Server Architecture Comparison
Enterprise Application Server Architecture
Comparison
Architecture Overview
Windows NT Network Architecture
IntranetWare Architecture
The Network Client Workstation Architecture
Windows NT Workstation

Client Software
yes
• entrusted application
yes
• Operating system: runs in a separate execution domain that applications cannot enter. Applications make requests using well-defined programming interfaces.
• Communicates securely with servers by means of Secure Distributed Component Object Model and Secure Sockets Layer.

IntranetWare
Client Software
no
• entrusted application
difficult
• Operating system: a third-party product, Sistex. It does not run the same software as the server, but it can host any MS-DOS or Windows 3.1-based application.
• The security kernel provides security: it intercepts all references to files and devices.
Network Client Workstation Security Requirements (1)
Authentication, Access Control (ACL), Auditing
Windows NT
IntranetWare
Username/password
Username/password
allows users to
determine
by
intercepting bus traffic
No
ACL on system objects
ACL
covers all system
objects
cannot
can
auditing

set ACL on the
applications
auditing
flexibility
more
be tampered with by
application
to events
system is limited
Network Client Workstation Security Requirements (2)
Security Partitioning, Secure Authenticated Clients, Secure Communications, Security Management

Windows NT
• Applications execute in the user domain; the security kernel executes in the kernel domain.
• Only authenticated clients of Windows NT can join and participate in the Windows NT domain.
• Windows NT provides built-in cryptographic technology for secure communication.

IntranetWare
• The security subsystem is provided by add-on hardware and, consequently, is separate from the operating system.
• IntranetWare does not provide any facilities for authenticating clients on the network.
• IntranetWare uses packet signing to create an unforgeable signature for every message.
Network Client Architecture Comparison (1)
Network Client Architecture Comparison (2)
File Server Architecture Comparison
Enterprise Application Server Architecture
• The ability to protect the operating system and applications by implementing and enforcing security partitions.
• The ability to minimize risk by allocating operating system privileges to applications with a fine level of granularity and control, resulting in the least amount of privilege given to applications.
• The ability to extend the trusted perimeter by providing application developers with the facilities to incorporate proven operating system security functionality into applications.
Enterprise Application Server
Architecture Comparison
Conclusion (1)
It is clear that IntranetWare provides a secure solution for file and print
server requirements, but in an enterprise network environment it is limited by
the inflexibility of the file server architecture. The need for a separate
secure client workstation, the inability to securely host back-end
applications on the server, and the lack of consistency in the overall security
model make IntranetWare poorly suited for an enterprise network
platform where security is a concern.
Conclusion (2)
Windows NT provides not only secure file and print services, but also:

1: A consistent set of security features available on both Windows NT
Workstation and Windows NT Server.

2: A suite of security functionality, including cryptographic functions, that can
be incorporated into applications.

3: A single set of security abstractions across the entire network, simplifying
security administration.

The flexibility of the peer architecture, along with
improved authentication, auditing, security
partitioning, and manageability, makes Windows NT an
excellent solution for secure network environments.
Together, these features make Windows NT the platform
of choice for modern enterprise networks.