If an nToken isn’t installed, it is recommended to use software-based authentication. If
neither an nToken nor software-based authentication is available for secure authentication,
the client connection relies solely on the nShield Connect validating the client’s IP
address against the configured value to authenticate the client. In this instance the
'credentials' used by the nShield Connect to authenticate the client are weaker than the
'credentials' used by the client to authenticate the nShield Connect. This method of
authenticating the client may be vulnerable to an attacker spoofing the client’s IP address.
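The following audit is an added example, not part of the manual or the product's own tooling: it lists which client entries would fall back to IP-address-only validation. It assumes a configuration file with an `[hs_clients]` section whose dash-separated entries carry `addr`, `clientperm`, `keyhash` and `esn` fields, where an all-zero `keyhash` means no key authentication and a non-empty `esn` indicates an nToken; that layout and all sample values are assumptions, not taken from this page.

```python
import re

NO_KEY = "0" * 40  # assumption: an all-zero keyhash means no key authentication

# Constructed sample; the [hs_clients] layout and every value are assumptions.
SAMPLE_CONFIG = f"""\
[hs_clients]
addr=192.0.2.10
clientperm=priv
keyhash={NO_KEY}
esn=
-----
addr=192.0.2.11
clientperm=unpriv
keyhash=3b1f0c9d2e4a5b6c7d8e9f00112233445566778a
esn=AAAA-BBBB-CCCC
-----
addr=192.0.2.12
clientperm=unpriv
keyhash=9c8b7a6f5e4d3c2b1a0f99887766554433221100
esn=

[other_section]
addr=198.51.100.1
"""

def parse_hs_clients(text):
    """Return one dict per client entry found in the [hs_clients] section."""
    clients, current, in_section = [], {}, False
    for raw in text.splitlines() + ["[end]"]:  # sentinel flushes the last entry
        line = raw.strip()
        if (line.startswith("[") or re.fullmatch(r"-{3,}", line)) and current:
            clients.append(current)
            current = {}
        if line.startswith("["):
            in_section = line == "[hs_clients]"
        elif in_section and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return clients

def classify(client):
    """ip-only: no key hash, so the client is identified by source address alone."""
    if (client.get("keyhash") or NO_KEY).lower() == NO_KEY:
        return "ip-only"
    return "ntoken" if client.get("esn") else "software-key"

def audit(text):
    return {c.get("addr", "?"): classify(c) for c in parse_hs_clients(text)}

if __name__ == "__main__":
    for addr, mode in audit(SAMPLE_CONFIG).items():
        print(f"{addr:15} {mode}" + ("  <-- IP validation only" if mode == "ip-only" else ""))
```

Entries reported as `ip-only` are the ones to move to an nToken or software-based authentication first, starting with any that hold privileged permissions.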
4.6.8. Configuring the serial console
The serial console on the nShield Connect is enabled by default and can be disabled from
the front panel. Regardless of whether the serial console is enabled or disabled, factory
resetting an nShield Connect will re-enable the serial console. If serial console
connectivity is not required, disable the serial console to prevent unauthorized access
attempts. This is important because the serial console is shipped with a known default
password that could allow unauthorized access if the serial console is enabled and the
default password is not changed.
The serial console requires a serial cable connection to a serial port aggregator, which in
turn is connected to an Administrator console via a communication channel. The
administrator must ensure that a secure channel is correctly set up between their console
and an authenticated serial port aggregator. Physical access controls should be deployed
to protect the following from unauthorized access attempts:
• Serial cable
• Serial port aggregator
• Administrator console
Logical access controls should be deployed to protect the following from unauthorized
access attempts:
• Serial console
• Serial port aggregator
• Administrator console
All passwords should be protected from unauthorized access or viewing.
The username for accessing the serial console is cli and the default password is admin.
On first login you will be prompted to change the password for the cli user. The minimum
length of the new password is 5 characters. The functionality does not enforce strong
passwords; therefore these should be manually implemented – see the relevant password
nShield® Security Manual 20 of 90