Table of Contents
Advertisement
System Security Options (Cont.)
Option
Inactivity Timeout
Password Expiration
Cryptography
Strength:
Password Complexity
Lockout Access
HTTP/HTTPS
Instruction Manual - Incite Digital Video Presentation Systems
Description
Select to enable the Master to log out a user after a defined period of inactivity. After enabling the inactivity timeout op-
tion, use the spin box to set the number of minutes before the timeout activates. You can set a timeout in the range of
1 to 60 minutes. The default setting is 10 minutes. The timeout applies to Program Port, Telnet, SSH, HTTP, and HTTPS
sessions. When the inactivity timeout is enabled, the Master limits the number of concurrent sessions for all non-device
accounts to 10. When the number of active sessions is full, any additional login attempts will fail.
Select to force a user to change its password after a set period of time. After enabling the password expiration options,
use the spin box to set the interval for password expiration. You can set an amount of time in the range of 1 to 180 days.
The default setting is 60 days.
NOTE:
This option is only valid on locally-maintained accounts. When external LDAP is enabled, only the administrator and
device user accounts are affected.
Set the cryptography strength of the Master to Low or High. On the High setting, only FIPS 140-2 validated binaries are
used.
Set the password complexity to Low, Medium, or High. When the password complexity level is raised from a lower level
to a higher level, the Master requires confirmation from the user. When the user confirms the change, all passwords are
marked as expired on all local user accounts, and the passwords must be changed to meet the new complexity require-
ments. Password complexity requirements are as follows:
• Low - Minimum length is 4 characters, and must be different from previous password.
• Medium - Minimum length is 8 characters, must contain characters from 3 of the following characters sets (uppercase
letters, lowercase letters, numbers, other characters), must contain at least 4 changes from the previous password, and
must be different from the previous 10 passwords.
• High - Minimum length is 15 characters, must contain characters from all of the following characters sets (uppercase
letters, lowercase letters, numbers, other characters), must contain at least 8 changes from the previous password, and
must be different from the previous 30 passwords.
NOTE:
This option is only valid on locally-maintained accounts. When external LDAP is enabled, only the administrator and
device user accounts are affected.
Select to enable a lock on a user account after a set number of failed logins. When enabled, use the Attempts spin box
to set the number of login attempts allowed. Use the Lockout Duration options menu to indicate the amount of time you
want the lockout to last. The default setting is 60 minutes.
NOTE:
This option is only valid on locally-maintained accounts. When external LDAP is enabled, only the administrator
user is affected.
Select to enable HTTP and HTTPS access to the Master.
HTTP: The port value used for unsecure HTTP Internet communication between the web browser's UI and the target
Master. By disabling this port, the administrator (or other authorized user) can require that any consecutive sessions
between the UI and the target Master are done over a more secure HTTPS connection.
By default, the Master does not have security enabled and must be communicated with using http:// in the Address field.
The default port value is 80.
NOTE:
One method of adding security to HTTP communication is to change the Port value. If the port value is changed,
any consecutive session to the target Master has to add the port value at the end of the address
(within the Address field). An example is if the port were changed to 99, the new address information would be:
http://192.192.192.192:99.
HTTPS: The port value used by web browser to securely communicate between the web server UI and the target Master.
This port is also used to simultaneously encrypt this data using the SSL certificate information on the Master as a key.
This port is used to communicate securely between the browser (using the web server UI) and the Master using HTTPS
but also provide a port for use by the SSL encryption key (embedded into the certificate). Whereas SSL creates a secure
connection between a client and a server, over which any amount of data can be sent securely, HTTPS is designed to
transmit individual messages securely. Therefore both HTTPS and SSL can be seen as complementary and are configured
to communicate over the same port on the Master. These two methods of security and encryption are occurring simulta-
neously over this port as data is being transferred. The default port value is 443.
NOTE:
Another method of adding security to HTTPS communication would be to change the port value. If the port
value is changed, any consecutive session to the target Master has to add the port value at the end of the address
(within the Address field). An example is if the port were changed to 99, the new address information would be:
http://192.192.192.192:99.
WebConsole - Security Options
66
Advertisement
Table of Contents
