Security features deter unauthorized use of your system and data. If you use your server in a public environment, such as an office, you might want to protect it and the data stored on it, by using one or more security features. Before implementing any security features, you might begin by evaluating your security needs. Where will the system be located? Does it need to be secured to permanent furniture or fixtures? Should use of the system be limited? When you have identified your security needs, you can activate or implement the appropriate security features.
LogicLock (comes with SurePath systems)
We are not sure on how the LogicLock switches provide input to the CMOS. At this point, I am not sure if there are ancillary ICs involved with storing status outside of the CMOS. So until further notice, don't enable the PAP (Unauthorized Access Monitor).
LogicLock (advanced security features) that come with your server include tamper-evident switches. This active uses microswitches on the covers to indicate if someone has tried to open the front cover.
Location and pinout of Cover Interlock
If the case cover is forced while PAP is enabled, the CMOS user configuration will be erased and the system power will be shut off. This will force an autoconfiguration or manual configuration, but either will require the use of the Administrator or Privileged Access Password (PAP).
NOTE: If the PAP is forgotten, the planar must be replaced or returned
Extended Control Register A (Hex 4A)
Michal Necasek said
Cover Interlock Connector
The upper assembly has a plunger sticking out of the front side. That plunger is actuated by a long post that is part of the front case
Two keys are provided with your server. Always store the keys in a safe place. If you lose them, you must order a replacement lock mechanism and keys from IBM. Please note that anyone who has the key serial number and manufacturer's address can order duplicate keys, so store the tag in a safe place.
The cable-cover option prevents the cables from being removed from the rear of the server, and prohibits other computers or devices from being attached to the unused connectors.
Note: The cable cover does not protect against unauthorized access through devices attached outside of the system.
When you set an administrator password, the unauthorized-access monitor is automatically enabled. If you do not want the system to stop operations if the covers are tampered with, set the unauthorized-access monitor to Disable. You can change the setting of this feature through the Change Configuration screen.
Not all operating systems support this feature.
Some advanced network management programs audit usage, based on names, adapter addresses, date, time, and unsuccessful attempts to access a file. This type of information can help you identify users who are attempting to access restricted
To secure extremely sensitive data, you might want to consider using a commercially available data-encryption tool. These tools encode the data files so that they are unintelligible, thus useless if stolen. There are two ways that you can encrypt data: by using a program or using an encryption device. The software programs are usually less expensive than the hardware devices, but they also are slower.
The power-on password locks the keyboard and mouse (if attached to the mouse port) to help prevent unauthorized use of your server. If you are using a mouse that is connected to the serial port, the mouse
After you set a power-on password, Enter password appears each time you turn on the server. Before you can use the server, you must enter the correct password. (The password does not appear on the screen as you type it.) When you enter the correct password, Password accepted appears on the screen, the keyboard and mouse are unlocked, and the system resumes normal operation. If you type the wrong password, Incorrect password appears on the screen and Enter password is again displayed. After three incorrect attempts, you must turn off the server and start again.
Although Enter password does not appear, the keyboard and mouse remain locked until you enter the correct password. This mode is ideal for systems that operate unattended. If a power failure occurs, the system automatically restarts when power returns and resumes normal operation, without operator intervention.
ATTENTION MOUSE USERS: The following statement applies only to those who use a PS/2-style mouse; a serial mouse is not affected.
In the unattended start mode, the keyboard and mouse ports are disabled (locked). Because of this, the system cannot detect that a mouse is attached, and an error occurs.
You must do one of the following:
o In the
set the operating system so that it does not stop on a
For example, under OS/2, use the PAUSEONERROR=NO
When using the OS/2 operating system, if you do not perform one of the previous steps, the system issues an error message, halts, and prompts you to press Enter to continue. Before pressing Enter, type the power-on password.
The administrator password allows you to control who has access to the system programs. If an administrator password is set, you must enter it to use the system programs in the System Partition on the hard disk or on the Reference Diskette. The administrator password also can be used to override the power-on password. After an administrator password is set, only those who know the password can perform tasks such as:
o Altering computer settings or features controlled by the system programs
Your server is shipped with the administrator
Disabled. You must move a jumper on the system board before an administrator password can be set for the first time. The jumper has two positions:
Warning: If an administrator password is set, then forgotten, it cannot be overridden or removed. The system board must be replaced in order to access the system programs.
the Administrator Password Works
You can use any combination of up to seven
(A-Z, a-z, and 0-9) for your administrator password, just as you can with your power-on password. For additional security, the two passwords should not be the same.
One important difference between the
and the administrator password is that a forgotten
cannot be overridden or disabled. The single most
for setting an administrator password is that when one is set, only those who know the password can access the system programs and modify the hardware or change any of the settings.
If you type the wrong password, Incorrect password appears and Enter the privileged-access password is again displayed. After three incorrect attempts, The system is locked message is displayed and you must turn off the server and start again.
an Administrator Password
The way you set the keyboard password depends on the operating system you are using. The OS/2 operating system
protection as a standard feature.
If you forget your keyboard password, turn off the server for at least 5 seconds; then turn it on. The keyboard password is erased from memory when you turn off the server.
In most cases, you do not need to change the default drive-startup sequence. However, if you set an administrator password, or are working with multiple hard disk drives, multiple operating systems, or different sized diskette drives, you might want to change the
The default drive-startup sequence checks
diskette drive for a self-starting (bootable) diskette. If one is present, the operating system or program is loaded from
If not, the system checks the primary hard disk for an
If one is present, it is loaded from that hard
If you start the system from a diskette, the drive containing the diskette becomes drive A, regardless of the defined sequence, and the first hard disk selected in the startup sequence becomes
You can choose a startup sequence of up to four
You can customize the startup sequence by changing the order in which the system checks the drives. You decide which four drives are the first to be checked, and the order in which the system checks them.
2. When you change the startup sequence, the drive letters also might change. The operating system assigns the drive letters when the system starts. Letters A and B always are assigned to diskette drives. Subsequent drive letters can be assigned to any type of drive based on the operating system or the device drivers used.
Warning: If you changed your startup sequence, you must be extremely careful when doing write operations (for example, copying, saving, or formatting). You can accidentally overwrite data or programs if you select the wrong drive.
The setup routine ensures that at least one source is specified if the privileged-access password is
Earlier PS/2 models could also specify the
however, the sequence was stored in CMOS and could be
these systems, the sequence is stored in nonvolatile memory and cannot be deactivated by removing a battery.
Data from Loss
There are primarily three ways that you can protect your data from loss. You can wait until the data accumulates on the server, and then make backup copies of all the hard disks. You can configure a disk array to duplicate data (create a redundant copy) as it is entered, and then store the duplicate copy on a separate hard disk. Or, you can configure a disk array to store the parity information about the data on the array as the data is being entered.
Backing up the entire contents of a hard disk to diskettes can be very time-consuming and, in the case of a network server that has multiple hard disks, might require hundreds of diskettes. A faster and more efficient way to back up the data is to use a
Using a tape-backup drive, you can copy several billion bytes of data from the hard disks to a single tape.
Viruses are difficult to detect. Many stay inactive until triggered by a specified event such as a date, command, or some other operation. Others are activated when an infected program is started a specified number of times. When the symptoms of
it might be difficult to determine if the problem is a
a problem in the software, or a virus in action.
Several programs are available that can detect the presence of many known viruses. These programs typically examine files and look for patterns associated with these viruses, or look for changes in the size of files. These programs are best used as a preventive measure to detect a virus before it becomes widespread or causes
Many computer users check for viruses on a regular
When a virus is found, it must be
might be as simple as replacing a file, or it might require the assistance of a trained technician.
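The two detection approaches described above (searching files for known byte patterns, and comparing file sizes against an earlier record) can be sketched as follows. This is an added example, not code from the original manual; the signature names, byte patterns, and file contents are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed byte patterns standing in for scanner signatures (not real virus signatures).
SIGNATURES = {
    "Example.A": bytes.fromhex("0a0b0c0d4143"),
    "Example.B": b"\x01\x02CONSTRUCTED-MARKER",
}

@dataclass
class Finding:
    name: str
    reason: str

def build_baseline(files):
    """Record the size in bytes of each known-good file."""
    return {name: len(data) for name, data in files.items()}

def scan(files, baseline, signatures=SIGNATURES):
    """Apply both checks to every file: known patterns, then size against the baseline."""
    findings = []
    for name, data in sorted(files.items()):
        for label, pattern in signatures.items():
            offset = data.find(pattern)
            if offset != -1:
                findings.append(Finding(name, f"pattern {label} at offset {offset}"))
        expected = baseline.get(name)
        if expected is None:
            findings.append(Finding(name, "not in baseline"))
        elif expected != len(data):
            findings.append(Finding(name, f"size changed {expected} -> {len(data)}"))
    return findings

def demo():
    """Constructed sample files: one grows, one is overwritten in place."""
    clean = {"EDIT.EXE": b"MZ" + bytes(62), "FORMAT.COM": b"\xe9\x10\x00" + bytes(29)}
    baseline = build_baseline(clean)
    later = dict(clean)
    # Appended bytes: the size check and the pattern check both fire.
    later["FORMAT.COM"] = clean["FORMAT.COM"] + SIGNATURES["Example.A"]
    # Same-size overwrite: the size check sees nothing, only the pattern check fires.
    sig = SIGNATURES["Example.B"]
    later["EDIT.EXE"] = clean["EDIT.EXE"][:10] + sig + clean["EDIT.EXE"][10 + len(sig):]
    return scan(later, baseline)

if __name__ == "__main__":
    for finding in demo():
        print(f"{finding.name}: {finding.reason}")
```

The overwritten file keeps its original length, so a size comparison alone reports nothing for it, and a pattern search only reports patterns it already knows.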
Viruses are generally spread unknowingly from computer to computer when programs are exchanged or shared. If you don't know where a program came from, be careful. Most reputable program distributors and bulletin-board owners scan their files to guard against viruses and maintain records to identify program owners.
Here are a few tips to help guard against computer
Remember, not every problem is caused by a virus. If your system starts acting erratically, refer to your troubleshooting charts in the User's Handbook to test the system.
One way to help ensure that no readable
left on a hard disk is to do a low-level format.
format operation does not remove all information from a
The operating-system format operation works a little differently with diskettes. It writes a repeated pattern over the entire surface. Any information that was on the diskette becomes
Depending on the type of information stored, you might require additional safeguards.