DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Configuring Internet Services

Security

Because the Internet Manager can be used to configure important services on your system, it is important that access to it be restricted to protect your system from unauthorized users. This is accomplished in two ways. First, the Internet Manager requires that the user enter a user name and password to gain access. Second, the Internet Manager checks that the system from which the user is accessing it is one that you have specifically authorized.

By clicking on the Security button on the Internet Services page, you can change the Internet Manager password and specify which systems are authorized to use the Internet Manager. Initially, the password for the Internet Manager is the same as the root password. You can change the password by clicking Set Internet Manager Password on the Security page.

NOTE: Changing the password for the Internet Manager does not change the passwords for the Netscape server administration utilities. These must be changed from within those utilities.

The Internet Manager uses only the first eight characters of your password.

The system is initially configured to allow access only from the system itself (running the Internet Manager on the console display). To allow another system or systems access to the Internet Manager, select Control Access From Remote Sites on the Security page, then enter the system's IP address.

CAUTION: By allowing another system to access the Internet Manager remotely, system security is decreased and your system is potentially vulnerable to an ``IP spoofing attack''. In an IP spoofing attack, a hacker attempts to gain access to your system by making a remote system appear to be one of your trusted systems by using its IP address. It is also possible that someone monitoring data packets on the network could discover your password. The chance of your system actually being attacked in this manner is small, and chances of a successful security breach are even smaller (the attacker must determine both the IP address of one of your trusted systems as well as the Internet Manager password). You should weigh the benefits of remote administration against the costs of a potential compromise of system security.

Providing access to unlisted packet filter services

To provide access to a service not listed in the packet filter, open the TCP ports 1024-5999 and 6006-65535. To do this:

  1. Start the Internet Manager.

  2. Press the Security button.

  3. Press the Control INTERFACE Data Flow button.

  4. Select the World Wide Web subsystem and press OK.

  5. For each interface you are opening access to (most people will perform these steps for the net0 interface only):

    1. Select that interface to configure and press OK.

    2. Set the Inbound ``nonStandard'' option to ``true'' to allow access to an otherwise unlisted service.

    3. Set the outbound ``nonStandard'' to ``true'' to allow an otherwise unlisted service access to the Internet.

    4. Press the OK button.
Next topic: Web
Previous topic: Net

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003