c.  Follow the instructions located in Chapter 4, Security, in the SAG to set up the security functions listed in Item a above. Note that whenever the SAG requires that the System Administrator provide an IPv4 address, IPv6 address or port number, the values should be those that pertain to the particular device being configured.
In setting up the device to be in the evaluated configuration, perform the following:
1.  Administrator Password:
i.  Change the Administrator password upon installation. Reset the Administrator password periodically.
  • Set the Administrator password to a minimum length of eight alphanumeric characters.
  • Change the Administrator password once a month and
  • Ensure that all passwords are strong passwords (e.g., passwords use a combination of alphanumeric and non-alphanumeric characters; passwords do not use common names or phrases, etc.; special characters such as a star (*) could be accepted).
To change the Administrator password from the Web UI, follow the instructions under “Changing the System Administrator Password” in Section 2 of the SAG.
To change the Administrator password from the Control Panel, follow the instructions under “Changing the System Administrator Password at the Control Panel” in Section 2 of the SAG.
ii.  Disable the Admin Password Reset security feature so it is not used. To disable this feature, perform the following:
  • At the Web UI select the Properties tab.
  • Select the following entries from the Properties 'Content menu': Security > Admin Password > Reset Policy
  • Select the [Disable Password Reset] option and then select the [Apply] button to save the option entered.
2.  Authentication:
i.  Establish local authentication at the device by following the “Configuring Local Authentication Settings” instructions in Section 4 of the SAG.
Set up unique user accounts with appropriate privileges on the device for all users who require access to the device by following the “User Database” instructions in Section 4 of the SAG.
ii.  Establish network (remote) authentication access to network accounts by following the “Configuring Network Authentication Settings” instructions in Section 4 of the SAG to set up an Authentication Server.
In the evaluated configuration the only allowable Authentication Types are Kerberos (Solaris), Kerberos (Windows) or LDAP.
When configuring network authentication using LDAP/LDAPS, enable SSL by following the instructions in Step 3 for “Configuring LDAP Server Optional Information” under “LDAP” in Section 3 of the SAG, making sure that Enable SSL (Secure Socket Layer) under SSL is selected.
iii.  Establish user authentication via a Smart Card by following either the “Configuring Smart Card Authentication Settings” instructions in Section 4 of the SAG or the “Software Configuration” instructions starting on page 18.
3.  Authorization:
Either local authorization or network authorization using LDAP is allowed in the evaluated configuration.
Local Authorization
i.  Establish local authorization at the device by following the “Configuring Local Authorization Settings” instructions in Section 4 of the SAG. Note that local user accounts on the device should be set up first before user permissions are set up.
Set up user roles and user permissions to access device services and features based on the roles users are assigned by following the instructions for “User Permissions” under “Configuring Authentication Settings” in Section 4 of the SAG.
 
The instructions for setting up the device in the Evaluated Configuration assume that the System Administrator has been successfully authenticated as a System Administrator at either the Control Panel or Web UI following the instructions in section I.a of this document.