Title: COSC573
1. COSC573
- Instructor: Professor Anvari
- Student: Shen Zhong
- ID 91871
- Summer semester, 1999
- Washington, D.C.
2. A Comparison of the Security Architectures of Microsoft Windows NT 4.0 and Novell IntranetWare 4.11
- Architecture Overview
- The Network Client Workstation Architecture
- Network Client Workstation Security Requirements
- Network Client Architecture Comparison
- File Server Architecture
- File Server Architecture Comparison
- Enterprise Application Server Architecture Comparison
3. Architecture Overview
Windows NT Network Architecture
IntranetWare Architecture
4. The Network Client Workstation Architecture
- Windows NT Workstation
  - Client software: yes
  - Entrusted application: yes
  - Operating system: runs in a separate execution domain that applications cannot enter. Applications make requests using well-defined programming interfaces.
  - Communicates securely with servers by Secure Distributed Component Object Model and Secure Sockets Layer.
- IntranetWare
  - Client software: no
  - Entrusted application: difficult
  - Operating system: third-party product (Sistex). It does not run the same software as the server, but it can host any MS-DOS or Windows 3.1 based application.
  - Security kernel provides security: it intercepts all references to files and devices.
5. Network Client Workstation Security Requirements (1): Authentication, Access Control (ACL), Auditing
IntranetWare
- Username/password
- by intercepting bus traffic
- No ACL on system objects
- cannot be tampered with by application
- auditing system is limited to events
Windows NT
- Username/password
- allows users to determine
- ACL covers all system objects
- can set ACL on the applications
- auditing more flexibility
6. Network Client Workstation Security Requirements (2): Security Partitioning, Secure Authenticated Clients, Secure Communications, Security Management
IntranetWare
- The security subsystem is provided by add-on hardware and, consequently, is separate from the operating system.
- IntranetWare does not provide any facilities for authenticating clients on the network.
- IntranetWare uses packet signing to create an unforgeable signature for every message.
Windows NT
- Applications execute in the user domain; the security kernel executes in the kernel domain.
- Only authenticated clients of Windows NT can join and participate in the Windows NT domain.
- Windows NT provides built-in cryptographic technology for secure communication.
7. Network Client Architecture Comparison (1)
8. Network Client Architecture Comparison (2)
9. File Server Architecture Comparison
10. Enterprise Application Server Architecture
- The ability to protect the operating system and applications by implementing and enforcing security partitions.
- The ability to minimize risk by allocating operating system privileges to applications with a fine level of granularity and control, resulting in the least amount of privilege given to applications.
- The ability to extend the trusted perimeter by providing applications developers with the facilities to incorporate proven operating system security functionality into applications.
11. Enterprise Application Server Architecture Comparison
12. Conclusion (1)
It is clear that IntranetWare provides a secure solution for file and print server requirements, but in an enterprise network environment it is limited by the inflexibility of the file server architecture. The need for a separate secure client workstation, the inability to securely host back-end applications on the server, and the lack of consistency in the overall security model make IntranetWare poorly suited for an enterprise network platform where security is a concern.
13. Conclusion (2)
Windows NT provides not only secure file and print services, but also:
1. A consistent set of security features available on both Windows NT Workstation and Windows NT Server.
2. A suite of security functionality, including cryptographic functions, that can be incorporated into applications.
3. A single set of security abstractions across the entire network, simplifying security administration.
The flexibility of the peer architecture, along with improved authentication, auditing, security partitioning, and manageability make Windows NT an excellent solution for secure network environments. Together, these features make Windows NT the choice platform for modern enterprise networks.
14. Department of Computer Science