Securing an ECLYPSE Controller
ECLYPSE User Guide 105
Passwords
A username / password combination (or credentials) authenticates a user’s access rights to
a controller. If an attacker obtains a user’s password, the attacker can carry out any
action on the controller that is allowed by that user’s permissions.
Change the Default Platform Credentials
When a controller is shipped, the following default credentials provide ‘administrator’ access
rights. It is essential to change these credentials when first logging into the
controller.
Username: admin
Password: admin
It is important to create new user accounts with strong passwords to protect the controller
from unauthorized access. Remove the factory default account admin / admin, as it is a
commonly known security weakness. The username / password can be changed in User
Management on page 85; see also Supported RADIUS Server Architectures on page 61.
Use Strong Passwords
Passwords should be hard to guess. Avoid birthdates and common keyboard key
sequences. A password should be composed of a random combination of 8 or more
uppercase and lowercase letters, numbers, and special characters.
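The check below applies this advice to a candidate password before it is set on a controller. It is an added example, not code from the ECLYPSE guide or its vendor; the special-character set, the keyboard-sequence list and the date pattern are assumptions made for illustration.

```python
import re
import secrets
import string

# Assumed special-character set; the guide does not list which ones the controller accepts.
SPECIALS = "!@#$%^&*()-_=+"
CLASSES = (string.ascii_uppercase, string.ascii_lowercase, string.digits, SPECIALS)
# Constructed sample of common keyboard sequences (not an exhaustive list).
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "1234", "abcd")
# Date-like digit runs such as 1985-04-12, 12/04/1985 or 19850412.
DATE_RE = re.compile(r"(19|20)\d{2}[-/.]?\d{2}[-/.]?\d{2}|\d{2}[-/.]?\d{2}[-/.]?(19|20)\d{2}")


def password_problems(password, username=""):
    """Return the reasons a password fails the guide's advice (empty list = OK)."""
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    for name, chars in zip(("uppercase", "lowercase", "number", "special"), CLASSES):
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    if lowered == "admin" or (username and username.lower() in lowered):
        problems.append("matches the factory default or contains the username")
    if any(run in lowered for run in KEYBOARD_RUNS):
        problems.append("contains a common keyboard sequence")
    if DATE_RE.search(password):
        problems.append("contains a date-like pattern")
    return problems


def generate_password(length=16):
    """Generate a random password that passes password_problems()."""
    if length < 8:
        raise ValueError("length must be 8 or more")
    alphabet = "".join(CLASSES)
    while True:
        # secrets draws from the OS CSPRNG; retry until every rule is met.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate
```
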
Do Not Allow a Browser to Remember a User’s Login Credentials
When logging into an ECLYPSE controller with certain browsers, the browser asks to
remember a user’s login credentials. When this option is set, the next time the user logs in,
the credentials will automatically be filled in. While this is convenient, anyone with access to
the computer can log in using those credentials. Do not set this option for administrator
accounts or when accessing an account from an unsecured computer.