|
| Table Of Contents | Index |
Different users have different security needs that range from none to extreme. If you are in the none category, then you can skip this chapter. But if you need all the security you can get, then read on.
First of all, DOS is not a secure operating system. There are various third party programs out there but what I'm going to cover here is how to make DOS secure as possible working with what you get with DOS.
The first thing to do is add the command BREAK=OFF to your CONFIG.SYS file. This prevents programs from breaking out of batch files. Avoid using commands that are internal DOS commands like DIR from inside a menu or inside batch files. Use the D.EXE program instead.
Use the LockWord option in the screen blanker so that if a menu is left unattended, it will not be accessible to just anyone walking up to a machine. The LockWord command requires the user type a password to release the screen blanker. If you are on a Novell network, you can use the UseNovPassword command. This forces the user to type their Novell password to unblank the screen.
If a menu choice accesses sensitive materials, then put a password on it. Also, make sure the SUPERVISOR user has a password. There are many times I've walked up to a server and logged in as supervisor and got right in. Make sure that intruder detection is set on. If you don't know what intruder detection is, read the Novell manuals.
You can also use the LogoffTime command to log users off the network after a given amount of inactivity. This also helps kick people off so that you can upgrade MarxMenu from time-to-time. (MARXMENU.OVR can't be updated on a network unless all users are out of the menu.)
If you have applications that allow you to shell to DOS, you can prevent them from getting to DOS by changing your COMSPEC to point to something other than COMMAND.COM. You could also rename COMMAND.COM in case a program is looking for this file by name. If this doesn't work for you then you can use the COMSP.EXE program to do the same thing.
Another defense is to lock the door to the computer room at night and teach employees security policies and make sure they use them. Security policies include such rules as not having your password written on a stick-em note stuck on the side of your monitor.
If you are on a network, buy diskless workstations. People can't copy files on or off a workstation that doesn't have a disk drive. It helps keep viruses off your server and lets the network administrators control what is and isn't on the network.
|
| Table Of Contents | Index |
|
