Set Security Profile - AMX NI-700 Webconsole & Programming Manual

Netlinx integrated controllers firmware version 4.0 or higher

Terminal Commands (Cont.)
Command

SET SECURITY PROFILE

NetLinx Integrated Controllers (Firmware v4)- WebConsole & Programming Guide
Description
Sets a pre-defined Security Profile (a grouped set of security settings). The Security Profile can be
set to "none" (default setting), "Secure", or "DOD" (see below).
Note: The Security Profile can only be configured via the terminal interface of the Master's Program
port.
Example:
set security profile
When you press Enter, the system responds with:
Current Security Profile = 0 (none)
Enter new security profile (0=none, 1=secure, 2=DOD):
Once you enter a value and press Enter, the system responds with:
New security profile set, reboot the Master for change to fully take effect.
The three Security Profiles are described below:
None (default):
• No security is enabled and all Master interface ports are available including HTTP, HTTPS, Telnet,
SSH, FTP and terminal access.
• Logins are not required on the Master's Web, Telnet and terminal interfaces.
• This is the default out-of-the-box configuration.
Secure:
• Unsecured interface ports are disabled, including HTTP, Telnet and FTP. Only the HTTPS, SSH and
terminal user ports are available.
• All user access requires a username/password login including HTTPS, SSH and terminal.
• NetLinx/ICSP security is enabled requiring all NetLinx devices connecting with the Master to
provide username/password authentication and encryption.
• Passwords must conform to a stricter set of requirements. They must be at least 8 characters
long and contain at least one upper and one lower case alpha, one numeric and one special
character (excluding the blankspace).
Allowed Special Characters:
The following special characters are allowed for use in User Name and Password entries:
! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
Also allowed are any printable ASCII characters (including "space"): A-Z, a-z, 0-9.
• Passwords cannot contain back-to-back duplicate characters.
• To ensure all account passwords conform to the new standard, all existing user accounts are
deleted and the built-in 'administrator' and 'netlinx' account passwords are set to the secure
default of 'Amx1234!'
• Failed login attempts will force a 4 second delay before a subsequent login attempt can occur.
• Three consecutive login failures from any location will cause a 15 minute lockout for the
specified user account.
• If a banner.txt file is present in the Master's /user directory, the text from the banner.txt file will
be included on the Master's Web login prompt.
• All user account access will be timed out after at most 15 minutes of inactivity by the user. Any
activity after the timeout will cause the login prompt to be displayed and login will be required to
regain access. The inactivity timer on an SSH and terminal session will be disabled if "msg on"
logging is active.
• All account access including successful and failed logins and logouts will be recorded in
persistent storage. Audit records will be retained for 90 days. The current audit logs can be
viewed via SSH or terminal sessions using the "show audit log" command. The audit log can be
manually cleared from SSH or terminal session using the "clear audit log" command.
DoD:
DoD security profile has all of the security specifications of "secure" profile along with the
following additional features:
• The default Web login banner text consists of the following: "This is a Department of Defense
(DOD) computer system provided only for authorized U.S. Government use. This system may be
monitored for all lawful purposes. All information, including personal information, placed on or
sent over this system, may be monitored. Use of this DOD computer system, authorized or
unauthorized, constitutes consent to monitoring of this system. Unauthorized use may subject you
to criminal prosecution and penalties."
• The default Web login banner text can be overridden by providing a banner.txt file in the /user
directory.
• The SSH and terminal interface will display the following banner after a successful login: "DOD
use only! Subject to monitoring, reporting, prosecution, and penalties."
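
A pre-check for candidate passwords against the rules listed under the Secure profile (which the DoD profile inherits), as an added example; it is not AMX code and does not reproduce the firmware's own validator. The function name, the case-sensitive reading of "back-to-back duplicate", and the extra rejection of the documented default password are assumptions.

```python
import string

# string.punctuation is exactly the 32 special characters the manual lists.
SPECIALS = set(string.punctuation)
# A space may appear in an entry but does not satisfy the special-character rule.
ALLOWED = SPECIALS | set(string.ascii_letters + string.digits + " ")
# Default the manual says is assigned to 'administrator' and 'netlinx'.
DOCUMENTED_DEFAULT = "Amx1234!"


def check_password(pw, reject_default=True):
    """Return the list of rule violations; an empty list means pw conforms."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c in string.ascii_uppercase for c in pw):
        problems.append("no upper case letter")
    if not any(c in string.ascii_lowercase for c in pw):
        problems.append("no lower case letter")
    if not any(c in string.digits for c in pw):
        problems.append("no numeric character")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    if any(c not in ALLOWED for c in pw):
        problems.append("character outside the allowed set")
    # Assumption: "back-to-back duplicate" means two identical adjacent
    # characters, compared case-sensitively.
    if any(a == b for a, b in zip(pw, pw[1:])):
        problems.append("back-to-back duplicate characters")
    # Added check, not a rule stated in the manual: the default is published.
    if reject_default and pw == DOCUMENTED_DEFAULT:
        problems.append("matches the documented default password")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ["Amx1234!", "Passw0rd!", "Tr1vial Pwd x", "Gx7#kLm2Qz"]:
        issues = check_password(candidate)
        print(f"{candidate!r}: {'OK' if not issues else '; '.join(issues)}")
```

With reject_default=False the documented default passes every listed rule, which is why the pre-check treats it as a separate condition.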
Terminal (Program Port/Telnet) Commands