IT Baseline Protection Manual S 1.42 Secure siting of Novell Netware servers


Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

In order to protect the Novell Netware servers against manipulation, it is absolutely necessary to site the server in a secure area. This can either be a server room (refer to Chapter 4.3.2 Server room) or a server cabinet, if a separate server room is not available (refer to Chapter 4.4 Protective cabinets). Unsupervised access to the server should not be available to unauthorised persons. Furthermore, the diskette drives of Novell Netware servers have to be locked with supplementary locks.

Direct input at the server console should be blocked with a password by means of SYS:SYSTEM\MONITOR.NLM. The command LOAD MONITOR.NLM -L should already have been added to the file SYS:SYSTEM\AUTOEXEC.NCF. The result is that the server console is protected with a password whenever the server is started. However, it must be taken into account that the password of the bindery user SUPERVISOR is needed to unlock the server. When a Netware 4.x server is installed, this password is identical to that of the user who installed the server in the NDS. As a rule, this is the NDS user ADMIN. However, regularly changing the password of the user ADMIN does not change the password of the bindery user SUPERVISOR on the NDS servers. This can cause problems, as the SUPERVISOR passwords, which are different for each NDS server, are often left unchanged and may be forgotten over time.

Another important command for securing the server console is SECURE CONSOLE. This command deactivates the server's debugger. Without it, the debugger could still be reached even though the server's console is protected with a password. Other important functions of the command SECURE CONSOLE are:

Additional controls:
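
The two console settings described above can be checked by reading a copy of a server's AUTOEXEC.NCF. The following Python sketch is an added example, not part of the manual: the function name `audit_autoexec` and both sample files are constructed, and it assumes that lines beginning with REM, `#` or `;` are comments, that MONITOR may be loaded without the .NLM extension, and that SECURE CONSOLE is issued from AUTOEXEC.NCF.

```python
import re

# Constructed sample AUTOEXEC.NCF contents (not taken from a real server).
SAMPLE_GOOD = """\
FILE SERVER NAME FS1
REM lock the console at boot
LOAD MONITOR.NLM -L
SECURE CONSOLE
"""
SAMPLE_BAD = """\
FILE SERVER NAME FS1
# LOAD MONITOR.NLM -L
load monitor
; SECURE CONSOLE
"""

# Assumption: lines starting with REM, '#' or ';' are comments in .NCF files.
COMMENT = re.compile(r"^\s*(?:REM\b|[#;])", re.IGNORECASE)
MONITOR = re.compile(r"^\s*LOAD\s+(?:SYS:SYSTEM\\)?MONITOR(?:\.NLM)?\b(.*)$", re.IGNORECASE)
SECURE = re.compile(r"^\s*SECURE\s+CONSOLE\s*$", re.IGNORECASE)


def audit_autoexec(text):
    """Return a list of findings; an empty list means both settings are present."""
    monitor_loaded = monitor_locked = secure_console = False
    for line in text.splitlines():
        if COMMENT.match(line):
            continue  # a commented-out command is not executed at boot
        m = MONITOR.match(line)
        if m:
            monitor_loaded = True
            # The manual's form is "LOAD MONITOR.NLM -L"; look for the -L option.
            if any(opt.upper() == "-L" for opt in m.group(1).split()):
                monitor_locked = True
        elif SECURE.match(line):
            secure_console = True
    findings = []
    if not monitor_loaded:
        findings.append("MONITOR.NLM is not loaded at boot")
    elif not monitor_locked:
        findings.append("MONITOR.NLM is loaded without -L; console is not locked at boot")
    if not secure_console:
        findings.append("SECURE CONSOLE is missing; debugger stays reachable")
    return findings


if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_autoexec(text) or "OK")
```

Commented-out commands are treated as absent, since a disabled line leaves the console unprotected at the next restart.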


© Copyright by
Bundesamt für Sicherheit in der Informationstechnik
July 1999