Juniper NS-5400-P00A-S00 Manual page 11

FIPS 140-2 security policy

Juniper NS-5400 Security Policy
reject message. See the log for authenticated logins. The RADIUS
shared secret has to be at least 6 characters.
All logins through a TCP connection disconnect after three
consecutive login failures and an alarm is logged.
A separate session is assigned to each successful administrator
login.
The first time an operator logs on to the module, the operator uses
the default user name and password, which are both "netscreen".
This user is assigned the Crypto-Officer role.
The Crypto-Officer is provided with the same set of services as the
user, plus four additional services: (1) "set admin" and "unset admin",
which allow the Crypto-Officer to create a new user, change a current
user's user name and password, or delete an existing user; and
(2) "set FIPS enable" and "unset FIPS enable", which allow the
Crypto-Officer to switch between FIPS mode and default mode.
HTTP can only come through a VPN with AES encryption. The
default page time-out is 10 minutes; this is user configurable. The
maximum number of HTTP connections, i.e., the maximum number
of concurrent WebUI logins, depends on how many TCP sockets are
currently available in the system. The maximum number of available
TCP sockets is 2048. This number is shared with other TCP
connections.
A maximum of 22 sessions is shared between Telnet and
SSH.
Upon a Telnet and console login failure, the next prompt will not
come up for an estimated 5 seconds.
The NetScreen-5400's chips are production-grade quality and
include standard passivation techniques.
The NetScreen-5400 is contained within a metal production-grade
enclosure.