18.3 Managing Appliance Security Features

18.3.1 Using the Console Lock Feature

The iChain Proxy Services console is locked by default to prevent unauthorized access. The password to unlock the console is the Config user password you specified during the initial configuration.

To use the command line interface, you must unlock the console by entering the following command:

unlock
config_user_password

NOTE: If a config_user_password is not set, the password is null.

After the console is unlocked, it remains unlocked until you lock it using the lock command.

18.3.2 Accessing Proxy Internals

A few iChain features require the administrator to access the internals of the iChain Proxy Server.

WARNING: Changes to the internal proxy server configuration should be limited to those items specified in authorized iChain documentation or as directed by Novell support personnel. Undocumented changes might result in proxy server malfunction and might require Novell support personnel to request a software re-image for that server.

To access the internals of the proxy server, enter the following command at the proxy server console:

debug
proxy_debug_password

The proxy_debug_password is "proxydebug".

Editing the Tune.ncf File

Edit the tune.ncf file as instructed in the file itself, or enter the following SET parameters at the server console:

SET NCP INCLUDE IP ADDRESSES = ALL
SET NCP EXCLUDE IP ADDRESSES = NONE
SET NCP OVER UDP = ON

WARNING: Remember that editing this file can create a security hole. One way to reduce this risk is to enable a single interface for NCP™ access using the SET parameter SET NCP INCLUDE IP ADDRESSES = IP_address_of_private_interface. This provides access only on the specified interface. You should disable login when you are finished editing the file.

To edit the sys:\system\tune.ncf file, complete the following steps:

  1. At the NetWare® System Console, load EDIT.

    To get to the NetWare System Console, you must first unlock the ICS console by entering unlock, followed by the password when prompted. (The password is the config user's password.)

  2. Enter debug. The debug password is proxydebug.

  3. After NCP is enabled on the server, use the following credentials:

    User: ichainadmin
    Password: novell
    

For information on how to enable NCP on the iChain server in order to edit the tune.ncf file, see the Novell Technical Information Document.
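The warning above can be turned into a repeatable check. The following Python script is an added example, not part of the original Novell documentation: it reads the text of a tune.ncf file and reports whether NCP is open on all interfaces or limited to one address. The function names and both sample files are constructed for illustration.

```python
import ipaddress
import re

# Matches console lines of the form "SET NCP <parameter> = <value>".
# Lines that do not begin with SET (for example commented-out ones) are ignored.
SET_LINE = re.compile(r"^\s*SET\s+(NCP\b.*?)\s*=\s*(.*?)\s*$", re.IGNORECASE)

def parse_ncp_settings(ncf_text):
    """Return {parameter: value} for SET NCP lines; a later line overrides an earlier one."""
    settings = {}
    for line in ncf_text.splitlines():
        m = SET_LINE.match(line)
        if m:
            settings[" ".join(m.group(1).upper().split())] = m.group(2)
    return settings

def audit_ncp(ncf_text):
    """Return (level, message) findings for the NCP exposure settings."""
    s = parse_ncp_settings(ncf_text)
    findings = []
    include = s.get("NCP INCLUDE IP ADDRESSES")
    if include is not None and include.upper() == "ALL":
        findings.append(("HIGH", "NCP is accepted on every interface; set NCP "
                         "INCLUDE IP ADDRESSES to the private interface address"))
    elif include is not None:
        try:
            ipaddress.ip_address(include)
            findings.append(("INFO", f"NCP is limited to interface {include}"))
        except ValueError:
            findings.append(("WARN", f"INCLUDE value is not a single address: {include!r}"))
    if s.get("NCP OVER UDP", "").upper() == "ON":
        findings.append(("WARN", "NCP over UDP is on; turn NCP access off "
                         "again when editing is finished"))
    return findings

# Constructed sample inputs, not taken from a real appliance.
OPEN_SAMPLE = """SET NCP INCLUDE IP ADDRESSES = ALL
SET NCP EXCLUDE IP ADDRESSES = NONE
SET NCP OVER UDP = ON
"""
RESTRICTED_SAMPLE = """# SET NCP INCLUDE IP ADDRESSES = ALL
SET NCP INCLUDE IP ADDRESSES = 10.0.0.5
SET NCP OVER UDP = ON
"""

if __name__ == "__main__":
    for label, text in (("open", OPEN_SAMPLE), ("restricted", RESTRICTED_SAMPLE)):
        for level, message in audit_ncp(text):
            print(f"{label}: [{level}] {message}")
```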

18.3.3 Setting Up Enhanced Security Within the Authentication Cookie

iChain can require at least 48 bits of random data to be matched for authentication instead of only 16 bits. You can set up this secure cookie requirement by specifying a command line startup switch when loading the proxy. Enter the following switch:

Proxy -cv 2