SWAN Security Issues
Since the communication between the VAX and the local server
uses standard Internet technologies, you need to be aware of the following
security items:
- Checking log files -- this task should be done both on the Alpha/VAX and
on the server located in each participating district. Below are the most
commonly abused areas. When looking at the log files, look for repeated
unsuccessful attempts to log in as a specific user. This could either be
someone who forgot their password or someone using a random password generator
to try and obtain a user's password.
- Anonymous FTP lock out. Try hitting ftp://hostname/ to determine if
the anonymous FTP user has been enabled. If so, browse and see if there are
files that you do not want people to have access to. To disable the
anonymous FTP account on the Novell FTPD server, remove the user named
anonymous. To disable the anonymous FTP user in the Windows NT WAR-FTP
server, click on the box marked "No anonymous logins".
- For Novell servers, try to hit the URL
http://hostname/lcgi/perl5/genlist.pl -- if it shows the
program script, then follow the directions in
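
The log-file check from the first item above, as an added example that is not part of the original page: a Python script that counts consecutive failed logins per user and separates short streaks from long ones. The log line format, the threshold of 5 and the verdict labels are assumptions, and the sample lines are constructed; adapt the pattern to the actual log on the Alpha/VAX or district server.

```python
import re
from collections import defaultdict

# Constructed sample lines. The format is an assumption, not a real server's log.
SAMPLE_LOG = """\
1999-03-01 08:01:10 LOGIN FAIL user=jsmith src=192.0.2.20
1999-03-01 08:01:25 LOGIN FAIL user=jsmith src=192.0.2.20
1999-03-01 08:01:40 LOGIN OK user=jsmith src=192.0.2.20
1999-03-01 08:05:00 LOGIN OK user=mjones src=192.0.2.31
1999-03-01 23:10:01 LOGIN FAIL user=admin src=192.0.2.77
1999-03-01 23:10:02 LOGIN FAIL user=admin src=192.0.2.77
1999-03-01 23:10:03 LOGIN FAIL user=admin src=192.0.2.78
1999-03-01 23:10:04 LOGIN FAIL user=admin src=192.0.2.78
1999-03-01 23:10:05 LOGIN FAIL user=admin src=192.0.2.77
1999-03-01 23:10:06 LOGIN FAIL user=admin src=192.0.2.77
"""

LINE_RE = re.compile(r"^\S+ \S+ LOGIN (FAIL|OK) user=(\S+) src=(\S+)$")

def review_logins(log_text, threshold=5):
    """Return {user: verdict} for users with repeated failed logins."""
    stats = defaultdict(lambda: {"run": 0, "max_run": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not login records
        result, user, src = m.groups()
        s = stats[user]
        if result == "FAIL":
            s["run"] += 1
            s["sources"].add(src)
            s["max_run"] = max(s["max_run"], s["run"])
        else:
            s["run"] = 0  # a successful login ends the failure streak
    verdicts = {}
    for user, s in stats.items():
        if s["max_run"] >= threshold:
            # long unbroken streak: consistent with automated guessing
            verdicts[user] = "possible password guessing"
        elif s["max_run"] >= 2:
            # short streak: consistent with a forgotten password
            verdicts[user] = "possible forgotten password"
    return verdicts

if __name__ == "__main__":
    for user, verdict in review_logins(SAMPLE_LOG).items():
        print(f"{user}: {verdict}")
```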