3COM 10031370-01 User Manual
Communication Server
Security Setup Guide
CommWorks Ready
Part Number 10031370
Communication Server
Security Setup Guide
CommWorks Ready
Part No. 10031370-01
Published November 2000
3Com Corporation
5400 Bayfront Plaza
Santa Clara, California
95052-8145
3COM CORPORATION (hereinafter 3Com) LIMITED USE SOFTWARE LICENSE AGREEMENT
READ CAREFULLY: By exercising Licensees rights to make and use copies of the SOFTWARE (as may be
provided for below), Licensee agrees to be bound by the terms of this license agreement. IF LICENSEE DOES
NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THIS PACKAGE TO THE PLACE FROM
WHICH LICENSEE OBTAINED IT FOR A FULL REFUND.
LICENSE AND PROTECTION
LICENSE GRANT. 3Com grants to the End User (hereinafter Licensee) and Licensee accepts subject to the
following terms and conditions, a nonexclusive, nontransferable right to use the accompanying copy of the
Software limited to the number of communication ports licensed for fax or data exchange. A
communication port can be accessed and used by only one network user at any one time; however, all
network users have concurrent single user access. Should 3Com determine that Licensee is in Breach of said
license, Licensee agrees to return the original and all other copies of the Software and Documentation to
3Com. 3Com reserves all rights not expressly granted to Licensee.
PROTECTION OF SOFTWARE.
Licensee agrees to take all reasonable steps to protect the Software and documentation from unauthorized
copying or use. Without limiting any remedies or relief, which may be available to 3Com, Licensee agrees to
pay 3Com for additional licenses if Licensee uses the Software on more than the licensed number of
communication ports or in any way beyond the scope of this License.
COPIES.
All server and client executable files are contained on the single CD received with this License. Licensee may
make one new copy of the client component of the software per client on the network provided that this
new copy is created as an essential step in the deployment of the Software and is used in no other manner,
or is for archival purposes only to backup use of the Software. All proprietary rights notices must be
faithfully reproduced and included on such copies. Licensee may not copy the documentation unless for use
by network clients as a step in the deployment of the Software, and for no other reason.
OWNERSHIP.
Ownership of, and title to the Software and Documentation (including any adaptation or copies) shall be
held by 3Com. Copies are provided to Licensee only to allow Licensee to ex erc ise its rights under the License.
TRANSFER OF LICENSE.
Licensee may transfer this License to another person or entity with the prior written approval of 3Com.
3Com shall not unreasonably withhold approval if Licensee advises 3Com in writing of the name and
address of the proposed transferee and the transferee agrees to be bound by this Agreement. If the License
transfer is approved, Licensee must transfer all copies of the Software and documentation including the
original copies provided in this package and any copies Licensee has legally made.
TERM.
This Agreement is effective from the date Licensee opens this package, and shall remain in force until
terminated. Licensee may terminate this License at any time by destroying the Documentation and the
Software together with all copies. This Agreement shall also automatically terminate if Licensee breaches
any of the terms or conditions of this Agreement. Licensee agrees to destroy the original and all copies of
the Software and Documentation, or to return such copies to 3Com upon termination of this license.
LICENSE AUTHENTICATION.
Use of each Server license is authorized for an initial 30 calendar days providing all licenses are authenticated
by 3Com to allow for continued operation beyond these initial 30 days. If the Server license is not
authenticated within the initial 30 days of operation, on the 31st day, it will cease to transmit and cease to
forward or print received faxes. License Authentication Procedure is described in the Getting Started Guide
included with this CD.
LIMITED WARRANTY AND LIMITED LIABILITY.
Authentication. Licensee will automatically lose all rights under this Limited Warranty unless Licensee
initiates and completes the License Authentication Procedure promptly, completely, and accurately and
return it to 3Com within 30 days of installing and executing the Server Software.
Compatibility. The Software is only compatible with certain personal computers. The Software may not be
compatible with and is not warranted for non-compatible systems. Call 3Com Customer Support for
information on compatibility.
Diskettes and Documentation. 3Com warrants that if the enclosed magnetic diskettes, CD-ROMs or other
media or Documentation are in a damaged or physically defective condition at the time that the License is
purchased and if they are returned to 3Com (postage prepaid) within 90 days of purchase, then 3Com will
provide Licensee with replacements at no charge.
Software. 3Com warrants that if the Software fails to substantially conform to the specifications in the
Documentation and if the nonconformity is reported in writing by Licensee to 3Com within ninety (90) days
from the date that the License is purchased, the 3Com shall use commercially reasonable efforts to remedy
the nonconformity or at its option refund the purchase price.
DISCLAIMER OF WARRANTIES.
3Com makes no warranty, representation or promise not expressly set forth in this agreement. 3Com
disclaims and excludes any and all implied warranties of merchantability and fitness for particular purpose.
3Com does not warrant that the software or documentation will satisfy its requirements or that the software
and documentation are without defect, omission or error or that the operation of the software will be
uninterrupted. This limited warranty gives Licensee specific legal rights.
LIMITATION OF LIABILITY.
3Coms aggregate liability arising from or relating to this agreement or the Software or documentation is
limited to the total of all payments made by or for Licensee for the license. 3COM SHA LL NOT IN ANY CASE
BE LIABLE FOR ANY SPECIAL, INCIDENTAL, CONSEQUENTIAL, INDIRECT OR PUNITIVE DAMAGES EVEN IF
3COM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 3COM IS NOT RESPONSIBLE FOR
LOST PROFITS OR REVENUE, LOSS OF USE OF THE SOFTWARE LOSS OF DATA COSTS OF RECREATING LOST
DATA, THE COST OF ANY SUBSTITUTE EQUIPMENT OR PROBLEM, OR CLAIMS BY ANY PARTY OTHER THAN
LICENSEE.
SOLE REMEDY AND ALLOCATION OF RISK.
Licensees sole and exclusive remedy is set forth in this agreement. This agreement defines a mutually
agreed-upon allocation of risk and 3Coms prices and fees reflect such allocation of risk.
GENERAL CONDITIONS.
Governing Law. This agreement shall be governed by, and interpreted in accordance with the laws of the
state of Illinois.
Entire Agreement. This agreement sets forth the entire understanding and agreement between Licensee
and 3Com and may be amended only in writing signed by both parties. No vendor, distributor, dealer,
retailer, sales person or other person is authorized to modify this agreement or to make any warranty,
representation or promise which is different than, or in addition to the representations or promises of this
agreement.
Waiver. No waiver of any right under this agreement shall be deemed effective unless contained in writing
signed by a duly authorized representative of 3Com, and no waiver of any past or present right arising from
any breach of or failure to perform shall be deemed to be a waiver of any future right arising under this
agreement.
Severability. If any provision in this agreement is invalid or unenforceable, that provision shall be construed,
limited, modified or, if necessary severed, to the extent of necessary to eliminate its invalidity or
unenforceability, and the other provisions of this agreement shall remain unaffected.
DEFINITIONS.
3Com means 3Com Corporation and its subsidiaries, a company with offices in Mount Prospect, Illinois.
Licensee means the person or business entity that purchased this license to use this software or for the
end user for whom such license was purchased.
Software means the computer programs provided in the accompanying package.
Communication port means a single modem or serial port device attached to a personal computer serial
port, the use of which is allowed through the network, by any other network node or machine, locally or
remotely attached - and controlled by the software. Only one personal computer can access, load and
execute the software at any given time for each licensed communication port. The software shall not be
loaded on different/additional local area networks or internetworks. Different/additional networks must
have separate additional licenses.
Documentation means all guidebooks - either in printed or electronic format - and any other printed
material provided by 3Com with the software.
License means the license purchased and granted in this agreement.
LICENSE AUTHENTICATION PROCEDURES are described in the Getting Started Guide accompanying this
license. To protect our licenses and Licensees assurance of exceptional customer and technical services,
each license on a machine running 3Com Server software must be authenticated. For Licensees
convenience, Licensee can authenticate Licensees license via fax, phone or email.
The information required for authentication is stored in the server in a file called REGISTER.TXT. Please allow
five days for authentication.
YEAR 2000 INFORMATION:
For information on Year 2000 compliance and 3Com products, visit the 3Com Year 2000 web page: http://
www.3Com.com/products/yr2000.html
ONTENTS
C
A
BOUT THIS GUIDE
Conventions ........................................................................................................................ ix
Year 2000 Compliance ......................................................................................................... x
I
1
NTRODUCING SECURITY
......................................................................................................................Introduction1-1
The Nature of Objects ................................................................................................. 1-1
Accounts..................................................................................................................... 1-2
Groups........................................................................................................................ 1-2
Positive and Negative Security Permissions................................................................... 1-2
Security Glossary .............................................................................................................. 1-3
Adding Members to Pre-Defined User Groups ............................................................. 1-4
Pre-Defined User Groups ............................................................................................. 1-5
Security Objects and Permissions ................................................................................ 1-8
W
2
3
ORKING WITH SECURITY
............................................................................................................... Starting Security2-1
Sorting Security Information........................................................................................ 2-2
Setting Up Accounts ................................................................................................... 2-3
Setting Up Groups....................................................................................................... 2-6
Setting Up Security Permissions ................................................................................... 2-8
Resetting Security...................................................................................................... 2-11
S
ECURITY PERMISSION EXAMPLES
Sample Sales Permissions.................................................................................................. 3-1
I
NDEX
viii
BOUT
A
This chapter covers security issues over the network, assigning rights and
permissions to users.
If release notes are shipped with your product and the information there differs
from the information in this guide, follow the instructions in the release notes.
Most user guides and release notes are available in Adobe Acrobat Reader
Portable Document Format (PDF) or HTML on the 3Com World Wide Web site:
http://totalservice.3com.com/
T
HIS
G
UIDE
Conventions Table 1 and Table 2 list conventions that are used throughout this guide.
Table 1 Notice Icons
Icon Notice Type Description
Information note Information that describes important features or
Caution Information that alerts you to potential loss of data or
Convention Description
Screen displays This typeface represents information as it appears on the
Syntax The word syntax means that you must evaluate the syntax
Commands The word command means that you must enter the
The words enter
and type
instructions
potential damage to an application, system, or device
screen.
provided and then supply the appropriate values for the
placeholders that appear in angle brackets. Example:
To enable RIPIP, use the following syntax:
SETDefault !<port> -RIPIP CONTrol =
Listen
In this example, you must supply a port number for <port>.
command exactly as shown and then press Return or Enter.
Commands appear in bold. Example:
To remove the IP address, enter the following command:
SETDefault !0 -IP NETaddr = 0.0.0.0
When you see the word enter in this guide, you must type
something, and then press Return or Enter. Do not press
Return or Enter when an instruction simply says type.
x C
HAPTER
BOUT THIS GUIDE
: A
Convention Description
Keyboard key names If you must press two or more keys simultaneously, the key
names are linked with a plus sign (+). Example:
Press Ctrl+Alt+Del
Words in italics Italics are used to:
■ Emphasize a point.
■ Denote a new term at the place where it is defined in the
text.
■
Identify menu names, menu commands, and software
button names. Examples:
From the Help menu, select Contents.
Click OK.
Year 2000 Compliance
For information on Year 2000 compliance and 3Com products, visit the 3Com
Year 2000 Web page:
http://www.3com.com/products/yr2000.html
I
NTRODUCING SECURITY
1
This chapter explains how security works and what functions it performs. It also
provides reference information on pre-defined user groups, all permissions
and permission definitions.
Introduction The organization of this guide follows the concepts and steps required to set up
security. Follow the steps in this guide exactly to achieve the best results and
ensure the fewest problems.
After setting up the server and adding users, use the security module. Security
works with the existing trustee hierarchy (server supervisors, account supervisors,
administrators, managers and users) and allows you to specify permissions for
individuals (users), accounts and groups.
The Nature of Objects Documents are objects that are stored in the fax server that may be accessed by
users for faxing. Cover pages, telephone lists and attachments are objects. User
profiles and modems are also objects.
Permissions and Objects
Permissions determine who can do what to each object.
The security permissions for server supervisors are fixed. You cannot change the
permissions nor delete the user group. This ensures that the server always has
someone that can work with users, Server Setup and Security permissions.
When the server supervisor creates a new user, the user is assigned to an account
under an account manager by the server supervisor. Once assigned to an account,
the server supervisor assigns some control over the user to the account supervisor.
Functions of Security
Security allows you to:
■ Create accounts for users and objects (such as modems, cover pages and
phonebooks)
■ Create Groups of users and objects
■ Set the permissions owned by users, user accounts and user groups, to access
specific objects and object groups.
Some examples of permissions to access a modem include:
■
Monitor the status of the modem
■
Reset the modem
■
Pause/Resume modem activity
1-2 C
HAPTER
NTRODUCING SECURITY
1: I
A complete description of all possible permissions appears in the Security Objects
and Permissions section later in this chapter.
A permission can be:
■ Grantedyou can do the action
■ Deniedyou cannot do the action
■
Inheritedyou can or cannot do the action based on the permissions defined
for your group
■
Irrevocableyou can do the action and the permission cannot be denied.
To learn more about the types of permissions, see Icon ListPermission Icons
page 1-4.
Accounts An account does for CommWorks IP Fax Solutions roughly what a domain
does for Windows NT. Here are some attributes of accounts:
■ Each account contains one or more users
■ Every user belongs to one account
■ Users have more rights to things that belong to their own account, than they
do to things that belong to other accounts. For example, a user might have
read-access to a public phonebook created by another user who belongs to the
same account, but would have no access to phonebooks created by users who
belong to a different account.
on
Groups Setting up and managing security is easier when objects and users are grouped.
Positive and Negative
Security Permissions
■
Each account has its own administrator. Administrators have all-powerful
privileges to things (e.g. end-users and fax-jobs) which belong to their own
account, but no privileges to things that belong to another account.
Create groups of users to assign similar permissions. For example, you might have
a Sales User group that has permission to use the same fax port device.
Create groups of objects to assign users similar permissions to use tham. For
example, a subset of modems called Sales might be accessable only by members
of the Sales User group.
Grant permission to do something (positive) or deny permission to do something
(negative). The following is an example of a negative permission:
Assume that All Fax Users have permission to use and monitor fax port
number 2. Sales users are to use this port, but are not to monitor it. In this
Security Glossary 1-3
case, simply remove permission from the Sales User group to deny them
access to monitoring feature of fax port 2. All other user groups, except
those belonging to the sub-group Sales User, can still monitor the modem.
This illustrates that user groups with similar permissions can be modified, allowing
greater control.
Security Glossary
Irrevocable PermissionA permission that is granted to users because they
belong to a pre-defined group with permissions that cannot be changed. The
server supervisor, account supervisors, CommWorks IP Fax Solutions manager,
CommWorks IP Fax user and Assistant groups all have irrevocable permissions.
Default PermissionA permission that is granted to users because they belong
to a pre-defined group with the permissions. The difference between default
permissions and irrevocable permissions is that you can change Default
Permissions.
Owned By SelfAny object that users can create or is owned by them has a
group labeled Owned By Self. This group gives the creator or owner of an
object more permissions for objects they own than for objects that are owned by
other people. Some objects that users create are faxes, attachments and cover
pages. Some objects users own are received faxes and their user profile.
MemberEach group of users or objects can have members. Members are
individuals or sub-groups that belong to a group.
ListUsers with the list permission can see that the object or user exists, although
they may not be able to use it. Generally, the user or User group must have this
permission before they are granted another permission for the object. For
example, a user that has the Use Attachment permission without the List
Attachment permission will never see the attachment to select it; therefore, the
user cannot use the attachment.
Account # Every user belongs to one account. Accounts are named using
account numbers (Account #s). The Account # to which each user belongs is
displayed in the User Properties dialog. Properties for these Account #s are also
1-4 C
HAPTER
NTRODUCING SECURITY
1: I
set up here. There are two states of an Account # in reference to a user. The
Account # is either Active or Forwarded.
Table 1-1 Icon ListObject Icons
Icon Name Icon Name
Server Modems
Attachments Phonebooks
Cover Pages User Profiles
Account #’s Server Setup
Fax Jobs Users
Adding Members to
Pre-Defined User Groups
Folders
Table 1-2 Icon ListPermission Icons
Icon Name Icon Name
Granted permission
that was inherited.
Granted permission
that was explicitly
given.
Granted permission
that cannot be
denied.
Denied permission
that was inherited.
Denied permission
that was explicitly
refused.
There are six pre-defined user groups; server supervisors, account supervisors,
managers, Fax Administrators, and CommWorks IP Fax users.
Use the Security module to add, authenticate and define new users.
Assistants also have irrevocable permissions, however, since the assistant's
permissions depend on another users permissions the assistant user level is not
listed as a pre-defined User group. Assistants have the same permissions to fax
jobs as the user they assist.
Loading...