S 4.154 Secure installation of the Novell eDirectory client software

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Administrator

After planning an eDirectory system (see S 2.236 Planning the use of Novell eDirectory) and installing the eDirectory servers (see S 4.153 Secure installation of Novell eDirectory), the eDirectory client software must be installed on the relevant computers. During the installation phase, the eDirectory client software configuration is not complete yet, and so the desired security settings are not enabled yet either. It is therefore recommended to perform the initial configuration either in a protected environment or to load a predefined, default configuration as an alternative.

The eDirectory client software installation naturally depends on the eDirectory servers used. The installation can only be considered complete after the client has connected to the server.

It is necessary to take security-relevant aspects into consideration during the installation of the eDirectory client software. In general, a standard installation will not meet the applicable security requirements, and so the software should be configured securely directly after installation.

Depending on the operating system used, there is different client software: Windows (the Novell client), Linux, and Sun Solaris. Once installation is complete, the eDirectory login screen is displayed (in Windows, the Novell client is displayed):

Figure: Login mask for eDirectory

The installation is not only restricted to the client software, but generally also affects the installation of the underlying operating system. Once again, the installation process can only be considered complete after having securely configured the operating system directly after having installed the operating system. Recommendations for the secure installation and configuration of the operating system can be found in the corresponding modules.

A secure installation configuration should be set up for each module that prevents access as long as the computer is in the initial configuration phase and until the specified security policies have been implemented. Additional recommendations on this subject can be found in S 4.156 Secure configuration of the Novell eDirectory client software.

Review questions:

• Are the security-relevant aspects also taken into consideration when installing the eDirectory client software?
• Is a secure installation configuration set up for each eDirectory module that prevents access as long as the computer is in the initial configuration phase and until the specified security policies have been implemented?