Part Seven: Setting Up Security Features
Even though all your users may be reliable and
knowledgeable in the use of the Communications Server, it is best to
restrict the privileged password to one or two people and set up non-privileged
ports for the rest of your users. You can further secure the Communications
Server by specifying a server login password, which you can enable for
some or all ports. (The default server login password is access.)
For example, you could change the server login
password with the following command:
Local 1>> CHANGE SERVER LOGIN PASSWORD 'FRITZ'
Note: If you don't include the quoted
password, the server prompts you for a password and then prompts you
to verify it. The password is not echoed to the screen.
To require the server login password to log
in to ports 5 and 8, type:
Local 1>> CHANGE PORT 5,8 PASSWORD ENABLED
Additionally, you can set the number of times a user can type in a password
incorrectly before the server logs out the port. The default is 3. Refer
to the CHANGE SERVER PASSWORD LIMIT command in the EasyServer II
Command Reference Manual for command syntax.
SECURE and LIMITED VIEW Commands
As the system administrator, you can further
protect the Communications Server and network against unauthorised access
by designating individual ports or all ports as secure or limited view.
A user on a secure port (security enabled) has access to commands that
affect that port only. A secure port user cannot display information
about other ports or the server and cannot use the BROADCAST command.
If you want to prevent some users from seeing network resources, such
as Internet databases, enable limited view on those ports.
The following example shows how to enable security
on all ports and limited view on port 3.
Local 1>> CHANGE PORT ALL SECURITY ENABLED
Local 1>> CHANGE PORT 3 LIMITED VIEW ENABLED
Hardware Security
To prevent anyone from gaining unauthorised access to your Communications
Server by unplugging and switching cables, enable DCDLOGOUT. This causes
the server to log out any port when an attached interactive device (such
as a terminal or UNIX host) powers down, a modem hangs up, or when a
cable is disconnected on an active port. Refer to the CHANGE PORT DCDLOGOUT
command in the EasyServer II Command Reference Manual for command syntax.
Example: Connect a non flow-control signal (such as RTS on a
Wyse Terminal) to the DCD pin on the server.
Login Password
You can create a login password for each port
on the Communications Server. If a login password is specified for a
port, that password is used in place of the Communications Server's
login password. If a password is required on a port but no password
is specified for that port, the server's login password is used. The
following example shows how to set up a login password on port 8.
Local 1>> CHANGE PORT 8 PASSWORD ENABLED
Local 1>> CHANGE PORT 8 PASSWORD 'netbox'
Local 1>> LOGOUT PORT 8
Login Accounts
Login accounts provide added security for the
Communications Server. Each port that enables this feature requires
the user to enter a valid user name and password from the Communications
Server's login account table.
A login account can specify that the user has
privilege (SET PRIVILEGED), limited view (SET PORT LIMITED VIEW), or
secure mode (SET PORT SECURITY). Each of these options overrides the
port's permanent database settings as long as the user is logged in.
The following example shows how to set up and
show a privileged account and a login sequence using the new account.
Local 1>> CHANGE PORT LOGIN ACCOUNT ENABLED
Local 1>> CHANGE ACCOUNT root PRIVILEGED ENABLED PASSWORD
Enter new password:
Verify:
Local 1>> SHOW ACCOUNTS
Username  Password  Protocol  Callback  Characteristics
root      Required  NONE      None      Privileged
Local 1>> LOGOUT
Local -059- Port 1 logged out on server `netbox'
Enter username: nobody
Local -143- Account `nobody' does not exist
Enter username: root
Account password:
Local -140- Login incorrect
Enter username: root
Account password:
Please type HELP for assistance
Local 1>>
Note: The account password is not echoed.
For users logging in via a modem, an optional
callback string may be specified. If the callback string is set, the
user is notified when being called back. The Communications Server will
force the port to disconnect and after a short delay will send the callback
string to the modem to initiate the return call. Once the modems have
re-established the connection, the user will be logged in and prompted
for a local command.
The following is an example of creating an account
named lab7 that specifies a callback string.
Local 1>> CHANGE ACCOUNT lab7 CALLBACK 'atdt2895'
Local 1>> SHOW ACCOUNTS
Username  Password  Protocol  Callback  Characteristics
root      Required  NONE      None      Privileged
lab7      None      NONE      Yes       None
The following example shows a user logging in
to port 8 with the lab7 login account. This example assumes port 8 has
already been configured for a modem and the user has connected to the
modem on port 8. After specifying the lab7 login account, the Communications
Server begins the callback sequence.
Enter username: lab7
Local -104- Modem on port 8 disconnected, please wait for callback
NO CARRIER
RING
CONNECT 9600
Please type HELP for assistance
Local 8>>
The messages in the middle of the output are
from the local modem and vary depending on the type of modem that is
being used.
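The SHOW ACCOUNTS listings above show which accounts have no password (lab7 logs in with a username only) and which are privileged. The following Python script is an added example, not part of the EasyServer II documentation: it audits captured SHOW ACCOUNTS output. It assumes whitespace-separated columns in the order shown on this page, reads "None" in the Password column as "no password set", and takes its limit of two privileged accounts from the advice at the top of this page.

```python
# Added example: audit captured SHOW ACCOUNTS output for weak login accounts.
# Assumptions: rows are whitespace-separated in the column order Username,
# Password, Protocol, Callback, Characteristics; Password "None" = no password.

SAMPLE = """\
Local 1>> SHOW ACCOUNTS
Username  Password  Protocol  Callback  Characteristics
root      Required  NONE      None      Privileged
lab7      None      NONE      Yes       None
"""  # constructed from the listing shown on this page


def parse_accounts(text):
    """Return one dict per account row found in SHOW ACCOUNTS output."""
    accounts, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if fields[:2] == ["Username", "Password"]:
            in_table = True              # header row: account rows follow
            continue
        if not in_table or len(fields) < 5 or line.startswith("Local "):
            in_table = False             # blank line, prompt or message ends it
            continue
        accounts.append({
            "username": fields[0],
            "password": fields[1],
            "protocol": fields[2],
            "callback": fields[3],
            "characteristics": " ".join(fields[4:]),
        })
    return accounts


def audit(accounts, max_privileged=2):
    """Return (username, finding) pairs for accounts an admin should review."""
    privileged = [a for a in accounts
                  if "privileged" in a["characteristics"].lower()]
    findings = []
    for a in accounts:
        if a["password"].lower() == "none":
            kind = "privileged account" if a in privileged else "account"
            findings.append((a["username"], f"{kind} has no password"))
    if len(privileged) > max_privileged:
        for a in privileged:
            findings.append((a["username"], "privileged account over policy limit"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(parse_accounts(SAMPLE)):
        print(f"{user}: {finding}")
```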