[Front] [Prev Chapter]
[Next Chapter]
1. At the system prompt, type the following:
SETUP <Enter>
2. Select the Data Protection and Security option, and then select Configure Security.
SETUP shows whether security is currently enabled or disabled. If you are enabling security for the first time, select the Enable Security option.
3. You are prompted to enter a password.
This password is the master key password. You must use alphanumeric characters for the password. The maximum length for a password is 15 characters.
NOTE: When you choose a password, do not choose one that is too easy to guess, such as your own name, but do not use one that you find hard to remember. Use a nonsense word, or put some numbers into a word to make it harder for anyone to guess your password.
This password is used with both standalone and network security.
WARNING: Do not forget the master key password. If you enable security and specify a master key password, you must enter this password before you can gain access to the computer.
4. Save the changes you made and exit SETUP.
Now, when you reboot your computer, you are prompted for the master key password before you gain access to your computer.
If your computer is not part of a network, read the following section "Security on a Standalone Computer" to learn about using security on your computer. If your computer is part of a network, read the section "Security With the Network" on page 14-4.
NOTE: Once you enable security, you might find that some third party disk utilities report errors in the partition table. You can ignore these messages. However, if you suspect that the disk is corrupted, do not try to use a third party utility to correct this until you have disabled security and restarted your computer.
Security on a Standalone Computer
When a computer is not part of a network, there are several ways to keep the information on the computer secure from unauthorized access. They are as follows:
You set the master key password when you enabled security in SETUP. You can also use SETUP to change this password.
Security also protects the hard disk from unauthorized access by denying access to the hard disk, when an attempt is made to boot an operating system from diskette.
If you have more than one operating system loaded on your hard disk, you must supply the master key password to load any other operating systems as well as DR-DOS.
Refer to the description of the LOCK command in the "Command Reference" chapter of DOSBook for more details about locking your computer. Note that you can use LOCK whether or not you have enabled security on your computer.
In order to keep information secure on a computer that is part of the network, there are various issues that you need to consider. When you load the network software on a computer so that it can be a Personal NetWare server, you are opening up access to the resources available on that computer. You need to ensure that all users have access to the resources that they need, but also to make sure that unauthorized access is not possible.
Using Access Rights
You can set access rights on shared directories and shared printers. Access rights set the level of access for that resource. When you assign access rights, you need to consider both the default access rights that apply to the resource, and the non-default rights that you can give to a particular user for that particular resource. Make sure that the default access rights for the shared directory are suitable for the workgroup as a whole, and assign non-default rights only when needed. The following is a list of rights available for shared directories.
Shared printers have the rights ALL or NONE.
Setting Passwords on Accounts
If you want to ensure that accounts on the network are secure, give each account a password. When you create an account, specify that the account requires a password. Then give a password for the account. Tell the user of the new account what the password is, so the user can log in and change that password. The SUPERVISOR Account
In order to be secure, this account must have a password. If you do not set a password for this account, anyone can log in to your workgroup and change the way the workgroup, accounts, and resources are set up. The GUEST Account
While user accounts have passwords set on them, you may like to have an account that does not belong to any one user. This is often called the GUEST account. Since this account is meant to give limited access to anyone, you may not want to set a password on this account. If you do not set a password on the account, make sure that the default access rights for all resources are suitable for an account that anyone could use, and assign non-default access rights where appropriate. You could also alter the login times for the account, restricting use of the GUEST account to office hours, for example. Creating Local Users
When you enable security on a computer that is a Personal NetWare server, you can give local access to workgroup users by creating local users for the computer. A local user must enter a username and password to gain access to the resources on that computer when the computer is switched on. When you make a local user account, you can give access for that account to the hard disk, diskette drives, printer, one-time login facility, and the serial communication ports. Assigning Workgroup Administrator Privileges
If you give an account workgroup administrator privileges, then the user for that account can make changes to the way in which the workgroup and the resources are set up. Make sure that you only give workgroup administrator privileges to users that you want to be able to perform workgroup administration tasks. Choosing the Security Loadable Module
The security loadable module is one of the modules that is loaded automatically. In order to save space in memory, you can choose not to load some of the modules. If you do not load the security module, then access rights no longer apply, and all users have access to all the resources. Disabling an Account
If you suspect that an account is being misused, you can disable that account. The account still exists in the user database but no-one can use the account Using the Master Key Password
The master key password is the one you set when you enabled security. On a computer that has local users, you can use this password in place of any user password. Protecting the Hard Disk on the Client or Server
Once you have enabled security, the hard disk is protected from access via the diskette drive. If anyone attempts to boot up your machine using a diskette, they are unable to gain access to the hard disk, no matter what operating system they are trying to load. Locking the Client or Server
The LOCK screen saver is available on both server and client computers. Local users can use LOCK as a TSR, and specify a timeout period. Once LOCK is invoked, either by elapsed time or from the command line, you must type in the user password for that account to regain access to that computer. Protecting Files and Directories with Passwords
You can use the PASSWORD command to protect files and directories, but note that you will not be able to access a file or directory that is protected by a password across the network. You can only access such a file or directory from the machine that holds that file or directory. Security with Backups
When you take a backup, you make a copy of the information on your
machine. You can use this copy to replace lost or corrupted information.
If there is only one copy of the information kept in one place, for
example, on the hard disk, and the hard disk is corrupted in some way,
you lose all that information. With a backup copy, it only takes a short
time to restore the lost information.