Encryption - Polycom realpresence group series Administrator's Manual

The following is an example of how the port lockout feature works.
A RealPresence Group system web interface is configured with these settings:
● Admin Settings > Security > Global Security > Authentication> Enable Active Directory
External Authentication is enabled, a valid Active Directory Server Address is configured, as are
both the Active Directory Admin Group and Active Directory User Group settings.
● Admin Settings > Security > Global Security > Access > Lock Port after Failed Logins is set to
4.
● Admin Settings > Security > Global Security > Access > Port Lock Duration is set to 1 Minute.
● Admin Settings > Security > Global Security > Access > Reset Port Lock Counter After is set
to 1 Hour.
Scenario 1:Web interface locked due to excessive failed logins
A user fails to log in to the local Admin account two times on the web interface, and another user fails to
log in to the external Active Directory 'SuperUser' account in a separate web interface session. The
'SuperUser' account is defined as part of the Active Directory Admin Group on the Active Directory Server.
This means that three failed attempts have been made on the web interface port—two by one user and one
by a second user. If the next attempt to log in to the web interface by either user or some other user is
successful, the failed login counter for the web interface port is reset to zero, allowing 4 more failed attempts
to occur on the web interface.
On the other hand, if after the third failed login attempt, any user makes a fourth unsuccessful attempt to
any account on the web interface, further attempts to access the web interface using any account
credentials from any user are locked out for 1 Minute, the value of the Port Lock Duration period. After the
1 Minute port lock period has past, logins will once again be allowed. As this example illustrates, the failed
login attempts made to the web interface accumulate across any attempts to any account and/or by any
user.
Scenario 2: Failed attempts counter resets after failed login window closes
A user fails to log in to the local Admin account two times on the web interface, and another user fails to
log in to the external Active Directory 'SuperUser' account in a separate web interface session. The
'SuperUser' account is defined as part of the Active Directory Admin Group on the Active Directory Server.
This means that three failed attempts have been made on the web interface port—two by one user and one
by a second user. If no more failed attempts are made within 1 Hour of the first failed attempt (which is the
value of the Reset Port Lock Counter After setting), the failed login attempts counter is reset to zero, and
4 failed attempts are allowed again before the web interface is locked.

Encryption

AES encryption is a standard feature on all Polycom RealPresence Group systems. When it is enabled, the
system automatically encrypts calls to other systems that have AES encryption enabled.
If encryption is enabled on the system, a locked padlock icon appears on the monitor when a call is
encrypted. If a call is unencrypted, an unlocked padlock appears on the monitor. In a multipoint call, some
connections might be encrypted while others are not. The padlock icon might not accurately indicate
whether the call is encrypted if the call is cascaded or includes an audio-only endpoint. To avoid security
risks, Polycom recommends that all participants communicate the state of their padlock icon verbally at the
beginning of a call.
Keep in mind the following points regarding AES encryption:
Polycom, Inc.
Security
143