Polycom RealPresence Group Series Administrator's Manual page 90

Setting
Reject Previous Passwords
Minimum Password Age in Days
Maximum Password Age in Days
Minimum Changed Characters
Maximum Consecutive Repeated Characters
Password Expiration Warning
Can Contain ID or Its Reverse Form
3. Click Save.
Changes to most password policy settings don't take effect until the next time the password is changed.
Changes take effect immediately for Minimum Password Age in Days, Maximum Password Age in
Days, and Password Expiration Warning. Changing Minimum Length from Off to some other value
also takes effect immediately.
Preventing Account Unauthorized System Access
RealPresence Group Series systems provide access controls that prevent unauthorized use. One way
someone might try to discover valid user names and passwords is by exhaustively attempting to log in,
varying the user name and password data in a programmatic way until discovering a combination that
succeeds. Such a method is called a "brute-force" attack.
To mitigate the risk of such an attack, two access control mechanisms are available on the system. The
first type of access control, account lockout, protects local accounts from being vulnerable to brute-force
attacks, while the second, port lockout, protects login ports themselves from being vulnerable to brute-
force attacks.
Account lockout temporarily locks a local account from accepting logins after a configurable number of
unsuccessful attempts to log in to that account. It protects only the local system's Admin and User local
accounts. When external authentication is used, the Active Directory Server protects Active Directory
accounts.
The systems provide separate account lockout controls for each of their local accounts, which are named
Admin and User. The account lock can be invoked due to failed logins on any of the following login ports:
Polycom, Inc.
Description
The number of most recent passwords that you can't
reuse. If you set this to Off, all previous passwords are
valid.
The minimum number of days before the password can
change.
The maximum number of days before the password
must change.
The number of characters that must be different or
change position in a new password. For example, if you
set this to 3, 123abc can change to 345cde but not to
234bcd.
The maximum number of consecutive repeated
characters allowed in a password. For example, if you
set this to 3, aaa123 is a valid password but aaaa123
is not.
Specifies how many days in advance a warning
displays indicating that the password expires soon (if
you set a maximum password age).
Specifies whether the associated ID or its reverse can
be part of a password. If you enable this setting and the
ID is admin, passwords admin and nimda are
allowed.
Securing the System
88