8 Cyclades ACS 6000 Advanced Console Server Installation/Administration/User Guide
• Either allow all users to access enabled ports or allow the configuration of group authorizations
to restrict access
• Select a security profile, which defines:
• Which services (FTP, ICMP, IPSec and Telnet) are enabled
• SSH and HTTP/HTTPS access
The administrator can select either a preconfigured security profile or create a custom profile.
All the services and the SSH and HTTP/HTTPS configuration options that are enabled and disabled
for each security profile are shown in the First Time Configuration window, the Appliance Settings
- Security - Security Profile window and the CLI show command list.
The following table shows the configuration of each predefined security profile.
Authentication
Authentication can be performed locally, with One Time Passwords (OTP), or on a remote
Kerberos, LDAP, NIS, Radius or TACACS+ authentication server. If the ACS 6000 console server
is managed by a DSView 3 software server, DSView authentication is also supported. The console
server also supports remote group authorizations for the LDAP, Radius and TACACS+
authentication methods.
Table 1.5: Security Profile Services, SSH, and HTTP/HTTPS Definitions
Service or Other Security Parameter Secure Moderate Open
Telnet X
SSH v1 X X
SSH v2 X X X
Allow SSH root access X X
HTTP X X
HTTPS XXX
HTTPS - SSL v2 X X
HTTPS - SSL v3 (also enables TLSv1) X X X
HTTP redirection to HTTPS X
SNMP X
ICMP X X
FTP (None. Can be set only in custom.)
IPSec (None. Can be set only in custom.)
To Next Page
Loading...
