Because the Internet Manager can be used to configure important
services on your system, it is important that access to it be
restricted to protect your system from unauthorized users.
This is accomplished in two ways. First, the Internet Manager
requires that the user enter a user name and password
to gain access. Second, the Internet Manager checks
that the system from which the user is accessing it is one that
you have specifically authorized.
By clicking on the Security button on the Internet
Services page, you can change the Internet Manager password
and specify which systems are authorized to use the
Initially, the password for the Internet Manager is
the same as the root password. You can change the password by
clicking Set Internet Manager Password on the Security page.
Changing the password for the Internet Manager does not
change the passwords for the Netscape server administration utilities.
These must be changed from within those utilities.
The Internet Manager uses only the first eight characters of your password.
The system is initially configured to allow access only
from the system itself (running the
Internet Manager on the console
display). To allow another
system or systems access to the Internet Manager, select
Control Access From Remote Sites on the Security page,
then enter the system's IP address.
By allowing another system to access the Internet Manager remotely,
system security is decreased and your system is potentially
vulnerable to an ``IP spoofing attack''.
In an IP spoofing attack, a hacker
attempts to gain access to your system by making a remote
system appear to be one of your trusted systems by using its
IP address. It is also possible that someone monitoring
data packets on the network could discover your password.
The chance of your system actually being attacked in this manner
is small, and chances of a successful security breach are
even smaller (the attacker must determine both the IP
address of one of your trusted systems as well as
the Internet Manager password). You
should weigh the benefits of remote administration against
the costs of a potential compromise of system security.
Providing access to unlisted packet filter services
To provide access to a service not listed in the packet filter,
open the TCP ports 1024-5999 and 6006-65535.
To do this:
Start the Internet Manager.
Press the Security button.
Press the Control INTERFACE Data Flow button.
Select the World Wide Web subsystem and press OK.
For each interface you are opening access to
(most people will perform these steps for the
net0 interface only):
Select that interface to configure and press OK.
Set the Inbound ``nonStandard'' option to ``true''
to allow access to an otherwise unlisted service.
Set the outbound ``nonStandard'' to ``true''
to allow an otherwise unlisted service access to the Internet.
Press the OK button.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003