Table of Contents
Advertisement
Advanced security mode
You can configure the ISDN gateway to use advanced security mode. Advanced security mode has
the following features:
The ISDN gateway will hash passwords before storing them in the configuration.xml file (see
Hashing passwords
The ISDN gateway will demand that passwords fulfill certain criteria, using a mixture of
alphanumeric and non-alphanumeric (special) characters (see
Passwords will expire after 60 days
A new password for an account must be different from the last ten passwords used with that
account
The ISDN gateway will disable a user's account if that user incorrectly enters a password
three times consecutively. If this is an admin account, it is disabled for 30 minutes; for any
other account, it is disabled indefinitely (or until you, the administrator, re-enable the account
from the User page)
Non-administrator account holders are not allowed to change their password more than once
in any 24 hour period
Administrators can change any user account's password and force any account to change its
password by selecting Force user to change password on next login on the User page.
Administrators can prevent any non-administrator account from changing its password by
selecting Lock password on the User page.
The ISDN gateway will disable any non-administrator account after a 30 day period of account
inactivity. To re-enable the account, you must edit that account's settings on the User page
If you enable advanced security, all current passwords (created when the ISDN gateway was not in
advanced security mode) will expire and users must change them.
When using Advanced account security mode, it is a good idea to rename the default administrator
account. This is especially true where the ISDN gateway is connected to the public internet because
security attacks will often use "admin" when attempting to access a device with a public IP address.
Even on a secure network, if the default administrator account is "admin", it is not inconceivable that
innocent attempts to log into the ISDN gateway will cause you to be locked out for 30 minutes.
In advanced security mode, if a user logs in with a correct but expired password the ISDN gateway
asks that user to change the password. If the user chooses not to change it, that user is allowed two
more login attempts to change the password before the account gets disabled.
Hashing passwords
In advanced security mode, the ISDN gateway will hash passwords before storing them in the
configuration.xml file. The configuration.xml file is used for backing up and restoring the configuration
of the ISDN gateway (see
advanced pasword security, all user passwords are stored in plain text in the configuration.xml; this
might be a security issue. If you select to use advanced password security, they will not be stored
anywhere on the ISDN gateway in plain text; instead the passwords will be stored as hash sums. Note
that hashing user passwords is an irreversible process.
Cisco TelePresence ISDN Gateways v2.0 Online help (Printable format)
below)
Upgrading and backing up the ISDN
Configuring security settings
Password format
gateway). If you do not select to use
below)
83 of 116
Hide quick links:
Advertisement
Table of Contents
