The Netra server provides a number of generic network services that do not have administration modules associated with them. These services enable users to access information and facilities on the server. You can restrict access to any or all of these services using the Network Service Access module. Restricting access to all services helps ensure the security of your network.
For each network service there are three access modes. The service can be denied to all hosts; the service can be made available to a specified list of hosts and networks (using a control list); or the service can be made available to all hosts. All services using the control list access mode share one access control list.
The following network services are available on your Netra server:
File Transfer Protocol (FTP). Enables an authorized user to transfer files between a remote machine and the Netra server.
TELNET Protocol (telnet). Enables an authorized remote user to log in to the Netra server and interact as a normal user.
Remote User Information (finger). Enables network users to display information about users logged in to the Netra server.
Remote Shell (rsh). Enables an authorized remote user to open a command-line interpreter (shell) on the Netra server and run commands there.
Remote Login (rlogin). Enables an authorized remote user to log in to the Netra server and interact as a normal user.
Remote Execution (rexec). Enables a library routine to be run on a remote machine and return streams to the local machine.
Remote System Statistics (rstat). Enables a remote user to get performance data from the Netra server.
Mail Notification (comsat). Enables the Netra server to detect incoming mail and notify local users logged into the Netra server.
Talk Program (talk). Enables users on remote systems to enter lines of text on one machine and display them on the terminal of someone logged into the Netra server. (Remote users can thus "chat" with users on the Netra server.)
Distributed System Admin (sadmind). Enables remote users to perform distributed system administration operations on the Netra server.
Network File System Quota (quotad). Enables notification when users use more than an allocated amount of disk space on the Netra server.
User Info (rusers). Enables a remote user to check which users are logged into the Netra server.
Diagnostic Packet Tester (spray). Enables a remote user to send a one-way stream of packets to the Netra server to see how many are received and at what rate.
Broadcast Messages (rwall). Enables a single message from a remote user to be sent to all users logged into the Netra server.
UNIX-to-UNIX Copy (uucp). Enables remote copy exchanges between a remote machine and the Netra server.
Trivial Name Server (tnamed). A server that supports the DARPA trivial name server protocol.
Calendar Manager (cmsd). Enables remote users to check the Calendar Manager entries of a user with an account on the Netra server.
From the Main Administration page, under "Security Administration," click Network Service Access.
The Network Service Access Administration page is displayed with a list of the server's network services and corresponding access levels.
Choose the access mode for each network service using the information in Table 5-3.
Table 5-3 Security Levels for Network Services

| Option | Description |
|---|---|
| None | Denies access to all hosts for this service. |
| Control List | Permits access by hosts and networks specified in the Control List Host and Network Addresses field. |
| All | Allows access to all hosts. |
| Control List Host and Network Addresses | The addresses of the hosts and networks that are allowed access to the services. This field is required for services using the Control List access mode. |
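
The three access modes and the single shared control list can be modelled as follows. This is an added illustration, not the Netra server's own implementation; the mode labels, the IPv4/CIDR address notation, the deny-by-default handling of unlisted services, and the sample addresses are assumptions constructed for the example.

```python
import ipaddress

# Labels assumed here for the three access modes: None, Control List, All.
MODES = {"none", "control_list", "all"}

def parse_control_list(entries):
    """Parse host and network addresses (assumed IPv4 or CIDR notation)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]

def validate(service_modes, control_list):
    """Return configuration problems; the address field is required
    whenever any service uses the Control List mode."""
    problems = []
    for svc, mode in sorted(service_modes.items()):
        if mode not in MODES:
            problems.append(f"{svc}: unknown mode {mode!r}")
        elif mode == "control_list" and not control_list:
            problems.append(f"{svc}: Control List mode but the address field is empty")
    return problems

def is_allowed(service, client, service_modes, control_list):
    """Decide whether a client address may reach a service."""
    mode = service_modes.get(service, "none")  # unlisted service: deny (assumption)
    if mode == "all":
        return True
    if mode == "control_list":
        addr = ipaddress.ip_address(client)
        # One list is shared by every service in Control List mode.
        return any(addr in net for net in control_list)
    return False

def reachable_services(client, service_modes, control_list):
    """List the services a given client address can reach."""
    return sorted(s for s in service_modes
                  if is_allowed(s, client, service_modes, control_list))

# Constructed sample settings (documentation address ranges).
SAMPLE_MODES = {"ftp": "control_list", "telnet": "control_list",
                "finger": "none", "rstat": "all"}
SAMPLE_LIST = parse_control_list(["192.0.2.10", "198.51.100.0/24"])

if __name__ == "__main__":
    print(validate(SAMPLE_MODES, SAMPLE_LIST))
    for host in ("192.0.2.10", "198.51.100.77", "203.0.113.5"):
        print(host, reachable_services(host, SAMPLE_MODES, SAMPLE_LIST))
```

Because the list is shared, an address added so that one host can use FTP also gains every other service set to Control List, which is worth checking before each change to the field.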