SECURE CONSOLE

Purpose

Use at the server console to increase network security by

• Preventing loadable modules from being loaded from any directory other than the boot directories---SYS:SYSTEM or C:\NWSERVER
• Preventing keyboard entry into the operating system debugger
• Preventing the server date and time from being changed

Syntax

SECURE CONSOLE

Using SECURE CONSOLE

• When you execute SECURE CONSOLE, path specifiers are disabled. The sys:system search path remains in effect, but you cannot create new search paths.
• Use of SECURE CONSOLE is recommended, especially in security-sensitive environments. SECURE CONSOLE prevents the following types of breaches in security:

  • Trojan Horse modules. If you don't use SECURE CONSOLE, a module can be loaded from a DOS partition, a diskette drive, or any directory on a NetWare^® volume.

    If you allow modules to be loaded from all these drives, anyone who has access to the server console can load a loadable module. An intruder could create a module to access or alter any information on the server, or to change user account information at the server security level.

  • Date and Time Modifications. Some security and accounting features (such as password expiration, time restrictions, intruder detection, and lockout intervals) depend on date and time for their enforcement.

    If you don't use SECURE CONSOLE, an intruder can change the date and time at the server and bypass these time-dependent features.

• To disable SECURE CONSOLE, use DOWN to bring down the server in an orderly way, and then reboot the server.

Additional Information