Securing the Server Console

The first principle of securing your server console is physical security. If you don't provide physical security, nothing else you do matters very much.

The processing unit should be locked in a place where no one can remove it or reboot it. Some network administrators remove both the keyboard and the monitor and manage the server remotely by using NetWare Remote Manager or RCONSOLEJ. We suggest that you also consider using a power-on password whether you manage at the console or use RCONSOLEJ at a workstation.

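Two features that provide additional security at the console are the SECURE CONSOLE command and the console-locking feature of SCRSAVER.NLM, both described in the sections that follow.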


Why Should I Use SECURE CONSOLE?

After you have provided physical security for your server, you can use the SECURE CONSOLE command to provide the following security features, while still allowing you to use the console:


Using the SECURE CONSOLE Command

To secure the server console, enter the following command at the System Console prompt:

SECURE CONSOLE

To secure the server console whenever the server is booted, add the SECURE CONSOLE command to the server's AUTOEXEC.NCF file. If the AUTOEXEC.NCF file loads modules from any directory other than SYS:SYSTEM or C:\NWSERVER, then in the .NCF file the SECURE CONSOLE command must follow the LOAD commands for these modules.
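The ordering rule above can be checked offline against a copy of AUTOEXEC.NCF. The following Python script is an added example, not part of the Novell documentation; it assumes modules are loaded with explicit LOAD lines, and the sample files and the SYS:\APPS\BACKUP.NLM path are constructed for illustration.

```python
import re

def norm(path):
    """Fold case and the optional backslash after the volume colon."""
    return path.upper().replace("/", "\\").replace(":\\", ":").rstrip("\\")

# The two directories named on the page; modules loaded from anywhere
# else must come before SECURE CONSOLE in the .NCF file.
TRUSTED = {norm("SYS:SYSTEM"), norm(r"C:\NWSERVER")}

def module_dir(arg):
    """Directory part of a LOAD argument, or None for a bare module name."""
    p = norm(arg)
    if "\\" in p:
        return p.rsplit("\\", 1)[0]
    if ":" in p:
        return p.split(":", 1)[0] + ":"  # module at the volume root
    return None

def audit_ncf(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, secure_line = [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or re.match(r"REM(\s|$)", line, re.I):
            continue  # blank line or comment
        if re.fullmatch(r"SECURE\s+CONSOLE", line, re.I):
            secure_line = secure_line or n
            continue
        m = re.match(r"LOAD\s+(\S+)", line, re.I)
        if m and secure_line:
            d = module_dir(m.group(1))
            if d is not None and d not in TRUSTED:
                findings.append(
                    (n, f"LOAD from {d} follows SECURE CONSOLE on line {secure_line}"))
    if secure_line is None:
        findings.append((0, "SECURE CONSOLE is not in the file"))
    return findings

# Constructed sample files (not from the page).
SAMPLE_BAD = r"""# constructed AUTOEXEC.NCF
SECURE CONSOLE
LOAD SYS:\APPS\BACKUP.NLM
LOAD SYS:SYSTEM\MONITOR.NLM
"""
SAMPLE_GOOD = r"""LOAD SYS:\APPS\BACKUP.NLM
SECURE CONSOLE
LOAD SCRSAVER
"""

if __name__ == "__main__":
    for name, text in (("bad", SAMPLE_BAD), ("good", SAMPLE_GOOD)):
        print(name, audit_ncf(text) or "ok")
```
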

IMPORTANT:  To disable SECURE CONSOLE, you must first shut down the NetWare server and reboot it. If the SECURE CONSOLE command is in the AUTOEXEC.NCF file, use EDIT or any text editor to remove it before you shut down the server and reboot it.

For more information on using SECURE CONSOLE, see SECURE CONSOLE in Utilities Reference.


Using SCRSAVER to Lock the Server Console

The console-locking feature in the SCRSAVER.NLM allows you to require a password before gaining access to the server console prompt. If a key is pressed when the console lock is enabled, a dialog box appears. You must then supply an eDirectory username and password. In addition, the User object must have the Write right to the access control list (ACL) of the Server object to gain access to the server console prompt.

When the screen saver is activated, it displays a moving snake for each processor on the server. Each snake is a different color: the first one is red, the second is blue, etc. The speed of each snake and the length of its tail are directly proportional to the processor's utilization.

If the console is unlocked, press any key to activate the console. The snake screen will disappear.

  1. To display command options for SCRSAVER, enter the following at the System Console prompt:

    SCRSAVER HELP

    Command options allow you to enable and disable locking, check the status of the lock options, and change the length of time the console is allowed to be inactive before the screen saver is activated. The default is 600 seconds (10 minutes).

  2. For more information about a command option, enter the following at the System Console prompt:

    SCRSAVER HELP command_option

  3. To load the SCRSAVER module, enter the following at the System Console prompt:

    SCRSAVER [option; option...]

    When you load the screen saver, the default is to enable the console-locking feature and to require a password for access. The corresponding eDirectory user must have the Write right to the Access Control List (ACL) of the Server object.

For more information, see SCRSAVER in Utilities Reference.


Unlocking the Server Console

To unlock the server console after locking it using SCRSAVER.NLM, complete the following:

  1. While the screen-saver snake is displayed, press any key on the server console keyboard.

  2. At the Login dialog box, press Enter to select the Username field.

    The login box appears only if the console is locked.

  3. Enter the username.

    The User object must have the Write right to the ACL for the Server object.

    If the username field is blank or if you want to change the username, enter an eDirectory username and context. Again the User object must have the required rights.

  4. Press Enter again to select the password field.

  5. Type the password for the username and press Enter twice.

    The screen saver snake disappears and the server console screen appears.


