Preventing Unauthorized Access to NetCharts Server

NetCharts Server is a standalone application/web server like IIS, WebSphere, JBoss and others. There are two installation options for NetCharts Server, Production and Complete. The Production installation is intended for production instances or any publicly accessible instance. The Complete installation option is intended for development or non-production instances or internal use. Like with any application server, NetCharts Server Administrators should understand and apply the appropriate security measures and restrictions based on their environment.

Users can make unauthorized adds, modifications, or deletions from the web Server via projectContents.jsp

If you have a Complete installation of NetCharts Server, in addition to the Admin Console there is also the Development Console. The Development Console by default allows any user to view and edit projects on NetCharts Server.

The Development Console by default allows any user to view and edit projects on NetCharts Server and should only be installed in controlled development or non-production environments. If security policies require that access be restricted to authorized users only, Administrators should enable access controls on the Development Console so that only the Admin user or a user defined in the Developer group can access it.

To restrict access to the Development Console to only authorized users, open the NetCharts Server Admin Console and select the Manage ACLs area. Then select the Security restrictions on Developer Console button in the Security Toggles subpanel. The button will appear green when enabled. Now, only the Admin user or users defined in the Developer group can access the Development Console.

To allow access to the Development Console to another user besides the Admin, open the NetCharts Server Admin Console and select the Manage Users area. Select the New button to define a new user login for NetCharts Server and enter the username, password and name (Email Address is optional). Now, select the Manage Groups link in the same Security section. Then click the Edit button for the Developer group and select the user you created (keeping “Anonymous NetChartsServer User” deselected). The user you defined is now part of the Developer group and can access the Development Console.

Administrators can also enable restrictions on the projects folder to prevent browsing and access restrictions on individual projects to limit operations on deployed projects within NetCharts Server.

You can find more information on these steps in the NetCharts Server Administrator’s Guide. Scroll down to the security and access control areas for screenshots and information.

The remote Web server allows the PUT and/or Delete method

NetCharts Server implements the full set of HTTP method operations, such as GET, POST, BROWSE, PUT, DELETE, etc. Security permissions within the Admin Console allow read and/or write permissions on projects and the Development Console to be disabled or enabled, but there is no option to disable write permissions on the root folder. This may cause some security scanning tools to flag the server.

To see this behaviour, connect to the server with telnet and enter the following requests:
PUT /projects/Examples/file.html HTTP/1.0
Content-Length: 10

deletethis
<CR><CR>

and
DELETE /projects/Examples/file.html HTTP/1.0
<CR><CR>

The first command will create a file, file.html, in <installdir>/Server/root. The second command will delete that file.

To address it, we have published a basic NetCharts Server project that can be used to disable write related permissions, such as DELETE and PUT, on the root folder application. To use this application, download the file http://www.visualmining.com/resources/downloads/ncs/NetChartsServerAccessControl.zip and perform the following steps:

  1. Copy the file <installdir>/Server/conf/acl.db to <installdir>/Server/conf/acl.db.backup.
  2. Unzip the aclupdater project from the downloaded ZIP file.
  3. Import the aclupdater project into NetCharts Server via the Admin Console.
  4. If you wish to keep this project contained in NetCharts Server, apply security restrictions against the project using the Manage ACLs option in the Admin Console.
  5. Inside the project is a single JSP page, acl.jsp. The JSP page has three modes:
    – VIEW: The default mode that shows a crude table of the current records. To use, in a browser enter http://localhost:8001/projects/aclupdater/acl.jsp.
    (NOTE: Change “localhost” to the server where NetCharts Server is located if on a different machine.)
    – ADD: When called will disable write based permission to the root folder. To use, in a browser enter http://localhost:8001/projects/aclupdater/acl.jsp?action=add.
    (NOTE: Change “localhost” to the server where NetCharts Server is located if on a different machine.)
    – CLEAR: When called will remove the restrictions on the root folder. To use, in a browser enter http://localhost:8001/projects/aclupdater/acl.jsp?action=clear.
    (NOTE: Change “localhost” to the server where NetCharts Server is located if on a different machine.)
  6. Once the “ADD” action has been performed, if you run the test requests again you will receive notices that the action is forbidden, and PUT or DELETE operations can no longer be run via HTTP.
  7. If you do not wish to keep the project in NetCharts Server, at this point delete the project via the Development Console.

When the restrictions are in place, you can still create projects and content in the Development Console and upload projects via the Admin Console.
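As an added check that is not part of the page or the aclupdater project, the following Python script re-runs the PUT/DELETE test from above over HTTP and reports whether the root-folder write restriction is in effect. The probe path and body are constructed to mirror the telnet example; the host, port 8001 and 403 as the "forbidden" status are assumptions.

```python
# Added example, not code from Visual Mining or the aclupdater project:
# re-run the page's PUT/DELETE check over HTTP and report whether the
# root-folder write restriction is in effect.
import http.client

# Constructed probe target, mirroring the telnet example on the page.
TEST_PATH = "/projects/Examples/file.html"
TEST_BODY = b"deletethis"


def assess(put_status, delete_status):
    """Classify a probe result from the two HTTP status codes.

    403 on both methods means the ADD action is in place.  A 2xx on either
    means the server still accepts writes and needs the restriction applied.
    """
    if put_status == 403 and delete_status == 403:
        return "restricted"
    if 200 <= put_status < 300 or 200 <= delete_status < 300:
        return "writable"
    return "inconclusive"


def _send(host, port, method, path, body=None, timeout=5):
    """Issue one request on its own connection and return the status code."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, body=body)  # Content-Length is set for us
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status
    finally:
        conn.close()


def probe_write_methods(host, port=8001, path=TEST_PATH):
    """Send PUT then DELETE for the probe file; DELETE also cleans up if PUT succeeded."""
    put_status = _send(host, port, "PUT", path, body=TEST_BODY)
    delete_status = _send(host, port, "DELETE", path)
    return put_status, delete_status


if __name__ == "__main__":
    statuses = probe_write_methods("localhost")
    print("PUT %d, DELETE %d -> %s" % (statuses[0], statuses[1], assess(*statuses)))
```

Run it against the server before and after the ADD action; the result should change from "writable" to "restricted".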

Restricting access to clients via network configuration

NetCharts Server Administrators can restrict access to NetCharts Server based on IP addresses. To configure open the NetCharts Server Admin Console and select the Security area. Under Security are the following options:

  • Use IP Restrict: Determines whether or not IP based restriction checks are performed. By default these checks are turned off. Set the value to true to enforce the restriction.
  • Allowed IP’s: The set of IP Address values to allow access to server resources if UseIPRestrictions is turned on.
    Format: IP,IP,IP where IP can be of the format xxx.xxx.xxx.xxx or xxx.xxx.xxx or xxx.xxx or xxx
    Example: 192.168.1.40, 10.0.0 – Allows access from 192.168.1.40 and 10.0.0.XXX
  • Restricted IP’s: The set of IP Address values to deny access to server resources if UseIPRestrictions is turned on.
    Format: IP,IP,IP where IP can be of the format xxx.xxx.xxx.xxx or xxx.xxx.xxx or xxx.xxx or xxx
    Example: 192.168.1.40,10.0.0 – Denies access to 192.168.1.40 and 10.0.0.XXX or:
    Example: all – Denies access to all IP addresses not declared in AllowedIPAddresses.
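The following Python function is an added example, not NetCharts Server code, that evaluates a client address against Allowed and Restricted lists written in the format above, including partial entries such as 10.0.0 and the special value all. It assumes, since the page does not say, that an address matching the Allowed list is admitted even if a Restricted entry also matches it.

```python
# Added example, not NetCharts Server code: evaluate a client address against
# "Allowed IP's" / "Restricted IP's" values written in the page's format.
# Assumption (the page does not say): an address matching the Allowed list is
# admitted even if a Restricted entry also matches it.
import ipaddress


def parse_ip_list(value):
    """Parse 'IP,IP,IP' where IP is 1 to 4 dotted octets, or the word 'all'."""
    entries = []
    for raw in value.split(","):
        item = raw.strip()
        if not item:
            continue
        if item.lower() == "all":
            entries.append("all")
            continue
        octets = item.split(".")
        if not 1 <= len(octets) <= 4:
            raise ValueError("bad IP entry: %r" % item)
        if not all(o.isdigit() and int(o) <= 255 for o in octets):
            raise ValueError("bad IP entry: %r" % item)
        entries.append([str(int(o)) for o in octets])  # normalise "010" -> "10"
    return entries


def matches(entry, client_ip):
    """A partial entry like ['10', '0', '0'] matches every 10.0.0.x address."""
    if entry == "all":
        return True
    client_octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return client_octets[:len(entry)] == entry


def is_allowed(client_ip, use_ip_restrict, allowed, restricted):
    """No checks when the toggle is off; otherwise Allowed admits,
    then Restricted (including 'all') denies, else the client is admitted."""
    if not use_ip_restrict:
        return True
    try:
        ipaddress.IPv4Address(client_ip)
    except ValueError:
        return False  # unparsable source address: fail closed
    if any(matches(e, client_ip) for e in parse_ip_list(allowed)):
        return True
    if any(matches(e, client_ip) for e in parse_ip_list(restricted)):
        return False
    return True
```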

Using the latest release of NetCharts Server

All NetCharts Server users are strongly encouraged to upgrade to the latest release of NetCharts Server. New security functionality introduced in the latest release is referenced in the above steps. Access to the latest release and updates is included for all users with active License Maintenance and Support agreements.

NetCharts Server users can stay informed of product release updates via the Visual Mining Chartline Newsletter. Using the form at the bottom of this page, users can sign up to receive the newsletter or contact Visual Mining for more information.

For users with active License Maintenance and Support agreements, contact our Technical Support team for more information or assistance with securing NetCharts Server.