Loading...
Communication Server
Security Setup Guide
CommWorks Ready
Part Number 10031370
Communication Server
Security Setup Guide
CommWorks Ready
Part No. 10031370-01
Published November 2000
3Com Corporation 5400 Bayfront Plaza Santa Clara, California 95052-8145
3COM CORPORATION (hereinafter “3Com”) LIMITED USE SOFTWARE LICENSE AGREEMENT
READ CAREFULLY: By exercising Licensee’s rights to make and use copies of the SOFTWARE (as may be provided for below), Licensee agrees to be bound by the terms of this license agreement. IF LICENSEE DOES NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THIS PACKAGE TO THE PLACE FROM WHICH LICENSEE OBTAINED IT FOR A FULL REFUND.
LICENSE AND PROTECTION
LICENSE GRANT. 3Com grants to the End User (hereinafter “Licensee”) and Licensee accepts subject to the following terms and conditions, a nonexclusive, nontransferable right to use the accompanying copy of the Software limited to the number of communication ports licensed for fax or data exchange. A communication port can be accessed and used by only one network user at any one time; however, all network users have concurrent single user access. Should 3Com determine that Licensee is in Breach of said license, Licensee agrees to return the original and all other copies of the Software and Documentation to 3Com. 3Com reserves all rights not expressly granted to Licensee.
PROTECTION OF SOFTWARE.
Licensee agrees to take all reasonable steps to protect the Software and documentation from unauthorized copying or use. Without limiting any remedies or relief, which may be available to 3Com, Licensee agrees to pay 3Com for additional licenses if Licensee uses the Software on more than the licensed number of communication ports or in any way beyond the scope of this License.
COPIES.
All server and client executable files are contained on the single CD received with this License. Licensee may make one new copy of the client component of the software per client on the network provided that this new copy is created as an essential step in the deployment of the Software and is used in no other manner, or is for archival purposes only to backup use of the Software. All proprietary rights notices must be faithfully reproduced and included on such copies. Licensee may not copy the documentation unless for use by network clients as a step in the deployment of the Software, and for no other reason.
OWNERSHIP.
Ownership of, and title to the Software and Documentation (including any adaptation or copies) shall be held by 3Com. Copies are provided to Licensee only to allow Licensee to exercise its rights under the License.
TRANSFER OF LICENSE.
Licensee may transfer this License to another person or entity with the prior written approval of 3Com.
3Com shall not unreasonably withhold approval if Licensee advises 3Com in writing of the name and address of the proposed transferee and the transferee agrees to be bound by this Agreement. If the License transfer is approved, Licensee must transfer all copies of the Software and documentation including the original copies provided in this package and any copies Licensee has legally made.
TERM.
This Agreement is effective from the date Licensee opens this package, and shall remain in force until terminated. Licensee may terminate this License at any time by destroying the Documentation and the Software together with all copies. This Agreement shall also automatically terminate if Licensee breaches any of the terms or conditions of this Agreement. Licensee agrees to destroy the original and all copies of the Software and Documentation, or to return such copies to 3Com upon termination of this license.
LICENSE AUTHENTICATION.
Use of each Server license is authorized for an initial 30 calendar days providing all licenses are authenticated by 3Com to allow for continued operation beyond these initial 30 days. If the Server license is not authenticated within the initial 30 days of operation, on the 31st day, it will cease to transmit and cease to forward or print received faxes. License Authentication Procedure is described in the ‘Getting Started Guide’ included with this CD.
LIMITED WARRANTY AND LIMITED LIABILITY.
Authentication. Licensee will automatically lose all rights under this Limited Warranty unless Licensee initiates and completes the License Authentication Procedure promptly, completely, and accurately and return it to 3Com within 30 days of installing and executing the Server Software.
Compatibility. The Software is only compatible with certain personal computers. The Software may not be compatible with and is not warranted for non-compatible systems. Call 3Com Customer Support for information on compatibility.
Diskettes and Documentation. 3Com warrants that if the enclosed magnetic diskettes, CD-ROMs or other media or Documentation are in a damaged or physically defective condition at the time that the License is purchased and if they are returned to 3Com (postage prepaid) within 90 days of purchase, then 3Com will provide Licensee with replacements at no charge.
Software. 3Com warrants that if the Software fails to substantially conform to the specifications in the Documentation and if the nonconformity is reported in writing by Licensee to 3Com within ninety (90) days from the date that the License is purchased, the 3Com shall use commercially reasonable efforts to remedy the nonconformity or at its option refund the purchase price.
DISCLAIMER OF WARRANTIES.
3Com makes no warranty, representation or promise not expressly set forth in this agreement. 3Com disclaims and excludes any and all implied warranties of merchantability and fitness for particular purpose. 3Com does not warrant that the software or documentation will satisfy its requirements or that the software and documentation are without defect, omission or error or that the operation of the software will be uninterrupted. This limited warranty gives Licensee specific legal rights.
LIMITATION OF LIABILITY.
3Com’s aggregate liability arising from or relating to this agreement or the Software or documentation is limited to the total of all payments made by or for Licensee for the license. 3COM SHALL NOT IN ANY CASE BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES EVEN IF 3COM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 3COM IS NOT RESPONSIBLE FOR LOST PROFITS OR REVENUE, LOSS OF USE OF THE SOFTWARE LOSS OF DATA COSTS OF RECREATING LOST DATA, THE COST OF ANY SUBSTITUTE EQUIPMENT OR PROBLEM, OR CLAIMS BY ANY PARTY OTHER THAN LICENSEE.
SOLE REMEDY AND ALLOCATION OF RISK.
Licensee’s sole and exclusive remedy is set forth in this agreement. This agreement defines a mutually agreed-upon allocation of risk and 3Com’s prices and fees reflect such allocation of risk.
GENERAL CONDITIONS.
Governing Law. This agreement shall be governed by, and interpreted in accordance with the laws of the state of Illinois.
Entire Agreement. This agreement sets forth the entire understanding and agreement between Licensee and 3Com and may be amended only in writing signed by both parties. No vendor, distributor, dealer, retailer, sales person or other person is authorized to modify this agreement or to make any warranty, representation or promise which is different than, or in addition to the representations or promises of this agreement.
Waiver. No waiver of any right under this agreement shall be deemed effective unless contained in writing signed by a duly authorized representative of 3Com, and no waiver of any past or present right arising from any breach of or failure to perform shall be deemed to be a waiver of any future right arising under this agreement.
Severability. If any provision in this agreement is invalid or unenforceable, that provision shall be construed, limited, modified or, if necessary severed, to the extent of necessary to eliminate its invalidity or unenforceability, and the other provisions of this agreement shall remain unaffected.
DEFINITIONS.
“3Com” means 3Com Corporation and its subsidiaries, a company with offices in Mount Prospect, Illinois.
“Licensee” means the person or business entity that purchased this license to use this software or for the end user for whom such license was purchased.
“Software” means the computer programs provided in the accompanying package.
“Communication port” means a single modem or serial port device attached to a personal computer serial port, the use of which is allowed through the network, by any other network node or machine, locally or remotely attached - and controlled by the software. Only one personal computer can access, load and execute the software at any given time for each licensed communication port. The software shall not be loaded on different/additional local area networks or internetworks. Different/additional networks must have separate additional licenses.
“Documentation” means all guidebooks - either in printed or electronic format - and any other printed material provided by 3Com with the software.
“License” means the license purchased and granted in this agreement.
LICENSE AUTHENTICATION PROCEDURES are described in the ‘Getting Started Guide’ accompanying this license. To protect our licenses and Licensee’s assurance of exceptional customer and technical services, each license on a machine running 3Com Server software must be authenticated. For Licensee’s convenience, Licensee can authenticate Licensee’s license via fax, phone or email.
The information required for authentication is stored in the server in a file called REGISTER.TXT. Please allow five days for authentication.
YEAR 2000 INFORMATION:
For information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 web page: http:// www.3Com.com/products/yr2000.html
CONTENTS
ABOUT THIS GUIDE
|
Conventions........................................................................................................................ |
ix |
|
Year 2000 Compliance ......................................................................................................... |
x |
1 |
|
|
INTRODUCING SECURITY |
|
|
|
...................................................................................................................... |
Introduction1-1 |
|
The Nature of Objects ................................................................................................. |
1-1 |
|
Accounts..................................................................................................................... |
1-2 |
|
Groups........................................................................................................................ |
1-2 |
|
Positive and Negative Security Permissions................................................................... |
1-2 |
|
Security Glossary .............................................................................................................. |
1-3 |
|
Adding Members to Pre-Defined User Groups ............................................................. |
1-4 |
|
Pre-Defined User Groups ............................................................................................. |
1-5 |
|
Security Objects and Permissions ................................................................................ |
1-8 |
2 |
|
|
WORKING WITH SECURITY |
|
|
|
............................................................................................................... |
Starting Security2-1 |
|
Sorting Security Information ........................................................................................ |
2-2 |
|
Setting Up Accounts ................................................................................................... |
2-3 |
|
Setting Up Groups....................................................................................................... |
2-6 |
|
Setting Up Security Permissions ................................................................................... |
2-8 |
|
Resetting Security...................................................................................................... |
2-11 |
3SECURITY PERMISSION EXAMPLES
Sample Sales Permissions.................................................................................................. |
3-1 |
INDEX
viii
ABOUT THIS GUIDE
This chapter covers security issues over the network, assigning rights and permissions to users.
If release notes are shipped with your product and the information there differs from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader
Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:
http://totalservice.3com.com/
Conventions |
Table 1 and Table 2 list conventions that are used throughout this guide. |
||
|
Table 1 |
Notice Icons |
|
|
|
|
|
|
Icon |
Notice Type |
Description |
|
|
|
|
|
|
Information note Information that describes important features or |
|
|
|
|
instructions |
|
|
Caution |
Information that alerts you to potential loss of data or |
|
|
|
potential damage to an application, system, or device |
|
|
|
|
|
|
|
|
|
Convention |
Description |
|
|
|
|
|
|
Screen displays |
This typeface represents information as it appears on the |
|
|
|
|
screen. |
|
|
|
|
|
Syntax |
|
The word “syntax” means that you must evaluate the syntax |
|
|
|
provided and then supply the appropriate values for the |
|
|
|
placeholders that appear in angle brackets. Example: |
|
|
|
To enable RIPIP, use the following syntax: |
|
|
|
SETDefault !<port> -RIPIP CONTrol = |
|
|
|
Listen |
|
|
|
In this example, you must supply a port number for <port>. |
|
|
|
|
|
Commands |
The word “command” means that you must enter the |
|
|
|
|
command exactly as shown and then press Return or Enter. |
|
|
|
Commands appear in bold. Example: |
|
|
|
To remove the IP address, enter the following command: |
|
|
|
SETDefault !0 -IP NETaddr = 0.0.0.0 |
|
|
|
|
|
The words “enter” |
When you see the word “enter” in this guide, you must type |
|
|
and “type” |
something, and then press Return or Enter. Do not press |
|
|
|
|
Return or Enter when an instruction simply says “type.” |
xCHAPTER : ABOUT THIS GUIDE
Convention |
Description |
|
|
Keyboard key names |
If you must press two or more keys simultaneously, the key |
|
names are linked with a plus sign (+). Example: |
|
Press Ctrl+Alt+Del |
|
|
Words in italics |
Italics are used to: |
|
■ Emphasize a point. |
|
■ Denote a new term at the place where it is defined in the |
|
text. |
|
■ Identify menu names, menu commands, and software |
|
button names. Examples: |
|
From the Help menu, select Contents. |
|
Click OK. |
|
|
Year 2000 Compliance For information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 Web page:
http://www.3com.com/products/yr2000.html
INTRODUCING SECURITY
1
|
This chapter explains how security works and what functions it performs. It also |
|
provides reference information on pre-defined user groups, all permissions |
|
and permission definitions. |
|
|
Introduction |
The organization of this guide follows the concepts and steps required to set up |
|
security. Follow the steps in this guide exactly to achieve the best results and |
|
ensure the fewest problems. |
|
After setting up the server and adding users, use the security module. Security |
|
works with the existing trustee hierarchy (server supervisors, account supervisors, |
|
administrators, managers and users) and allows you to specify permissions for |
|
individuals (users), accounts and groups. |
The Nature of Objects Documents are objects that are stored in the fax server that may be accessed by users for faxing. Cover pages, telephone lists and attachments are objects. User profiles and modems are also objects.
Permissions and Objects
Permissions determine who can do what to each object.
The security permissions for server supervisors are fixed. You cannot change the permissions nor delete the user group. This ensures that the server always has someone that can work with users, Server Setup and Security permissions. When the server supervisor creates a new user, the user is assigned to an account under an account manager by the server supervisor. Once assigned to an account, the server supervisor assigns some control over the user to the account supervisor.
Functions of Security
Security allows you to:
■ Create accounts for users and objects (such as modems, cover pages and phonebooks)
■ Create Groups of users and objects
■ Set the permissions owned by users, user accounts and user groups, to access specific objects and object groups.
Some examples of permissions to access a modem include:
■Monitor the status of the modem
■Reset the modem
■Pause/Resume modem activity
1-2 CHAPTER 1: INTRODUCING SECURITY
A complete description of all possible permissions appears in the “Security Objects and Permissions” section later in this chapter.
A permission can be:
■Granted—you can do the action
■Denied—you cannot do the action
■Inherited—you can or cannot do the action based on the permissions defined for your group
■Irrevocable—you can do the action and the permission cannot be denied.
To learn more about the types of permissions, see “Icon List—Permission Icons” on page 1-4.
Accounts An “account” does for CommWorks IP Fax Solutions roughly what a “domain” does for Windows NT. Here are some attributes of accounts:
■Each account contains one or more users
■Every user belongs to one account
■Users have more rights to things that belong to their own account, than they do to things that belong to other accounts. For example, a user might have read-access to a public phonebook created by another user who belongs to the same account, but would have no access to phonebooks created by users who belong to a different account.
■Each account has its own administrator. Administrators have all-powerful privileges to things (e.g. end-users and fax-jobs) which belong to their own account, but no privileges to things that belong to another account.
Groups Setting up and managing security is easier when objects and users are grouped. Create groups of users to assign similar permissions. For example, you might have a Sales User group that has permission to use the same fax port device.
Create groups of objects to assign users similar permissions to use tham. For example, a subset of modems called Sales might be accessable only by members of the Sales User group.
Positive and Negative Grant permission to do something (positive) or deny permission to do something Security Permissions (negative). The following is an example of a negative permission:
Assume that All Fax Users have permission to use and monitor fax port number 2. Sales users are to use this port, but are not to monitor it. In this
Security Glossary 1-3
|
case, simply remove permission from the Sales User group to deny them |
|
access to monitoring feature of fax port 2. All other user groups, except |
|
those belonging to the sub-group Sales User, can still monitor the modem. |
|
This illustrates that user groups with similar permissions can be modified, allowing |
|
greater control. |
|
|
Security Glossary |
Irrevocable Permission—A permission that is granted to users because they |
|
belong to a pre-defined group with permissions that cannot be changed. The |
|
server supervisor, account supervisors, CommWorks IP Fax Solutions manager, |
|
CommWorks IP Fax user and Assistant groups all have irrevocable permissions. |
|
Default Permission—A permission that is granted to users because they belong |
|
to a pre-defined group with the permissions. The difference between default |
|
permissions and irrevocable permissions is that you can change Default |
|
Permissions. |
|
Owned By Self—Any object that users can create or is owned by them has a |
|
group labeled “Owned By Self”. This group gives the creator or owner of an |
|
object more permissions for objects they own than for objects that are owned by |
|
other people. Some objects that users create are faxes, attachments and cover |
|
pages. Some objects users own are received faxes and their user profile. |
|
Member—Each group of users or objects can have members. Members are |
|
individuals or sub-groups that belong to a group. |
|
List—Users with the list permission can see that the object or user exists, although |
|
they may not be able to use it. Generally, the user or User group must have this |
|
permission before they are granted another permission for the object. For |
|
example, a user that has the Use Attachment permission without the List |
|
Attachment permission will never see the attachment to select it; therefore, the |
|
user cannot ‘use’ the attachment. |
|
Account #— Every user belongs to one account. Accounts are named using |
|
account numbers (Account #’s). The Account # to which each user belongs is |
|
displayed in the “User Properties” dialog. Properties for these Account #’s are also |
1-4 CHAPTER 1: INTRODUCING SECURITY
set up here. There are two states of an Account # in reference to a user. The Account # is either Active or Forwarded.
Table 1-1 Icon List—Object Icons
Icon |
Name |
Icon |
Name |
|
|
|
|
|
Server |
|
Modems |
|
Attachments |
|
Phonebooks |
|
Cover Pages |
|
User Profiles |
|
Account #’s |
|
Server Setup |
|
Fax Jobs |
|
Users |
|
Folders |
|
|
|
|
|
|
Table 1-2 Icon List—Permission Icons
Icon |
Name |
Icon |
Name |
|
|
|
|
|
Granted permission |
|
Denied permission |
|
that was inherited. |
|
that was inherited. |
|
Granted permission |
|
Denied permission |
|
that was explicitly |
|
that was explicitly |
|
given. |
|
refused. |
|
Granted permission |
|
|
|
that cannot be |
|
|
|
denied. |
|
|
|
|
|
|
Adding Members to There are six pre-defined user groups; server supervisors, account supervisors, Pre-Defined User Groups managers, Fax Administrators, and CommWorks IP Fax users.
Use the Security module to add, authenticate and define new users.
Assistants also have irrevocable permissions, however, since the assistant's permissions depend on another user’s permissions the assistant user level is not listed as a pre-defined User group. Assistants have the same permissions to fax jobs as the user they assist.
Loading...