Login Settings; Figure 3: Login Settings - Grandstream Networks UCM Series Security Manual


Login Settings

An authenticated user of the UCM web UI may log in to the system and then leave the active session unattended on a terminal without logging off. An adversary with access to that terminal could then access the UCM, meaning all configuration and status information could be exposed and changed, intentionally or unintentionally.

UCM protects against this with a login timeout. After logging in to the UCM web UI, the user is automatically logged out after a certain timeout. This timeout value can be specified on the UCM web GUI -> Maintenance -> Change Information -> Login Settings page. If the user performs no operation on the web GUI within the timeout period, the user is logged out automatically and the web UI is redirected to the login page, requiring the password to access the web pages.

If the login timeout period is set short enough, the chances of an adversary gaining access to an unattended terminal are significantly reduced. However, the timeout period should not be so short that an authenticated user becomes annoyed by frequent automatic logouts during normal use. Users shall therefore set it to a value that fits actual usage and situation. The default login timeout is 10 minutes.

Along with the login timeout feature, the UCM also supports banning users after unsuccessful login attempts, with the ability to configure the maximum number of allowed failed login attempts as well as the ban period, as shown in the figure below.

Figure 3: Login Settings
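
The two controls described above, modelled in Python as an added illustration (not Grandstream's implementation): every operation resets the idle timer, and a source is banned after repeated failed logins. The `LoginGuard` class, the five-attempt limit and the 300-second ban are assumptions; only the 10-minute timeout comes from the manual.

```python
import time

class LoginGuard:
    """Illustrative model of an idle-session timeout plus a failed-login ban."""

    def __init__(self, idle_timeout=600, max_failures=5,
                 ban_period=300, clock=time.monotonic):
        self.idle_timeout = idle_timeout  # seconds; 600 = the manual's 10-minute default
        self.max_failures = max_failures  # assumed value, not from the manual
        self.ban_period = ban_period      # assumed value (seconds), not from the manual
        self.clock = clock                # injectable so the logic can be tested
        self.last_activity = {}           # session id -> time of last operation
        self.failures = {}                # source address -> consecutive failures
        self.banned_until = {}            # source address -> ban expiry time

    def login(self, source, session_id, password_ok):
        now = self.clock()
        if self.banned_until.get(source, 0) > now:
            return "banned"               # refused even with a correct password
        if not password_ok:
            self.failures[source] = self.failures.get(source, 0) + 1
            if self.failures[source] >= self.max_failures:
                self.banned_until[source] = now + self.ban_period
                self.failures[source] = 0
            return "denied"
        self.failures.pop(source, None)   # a successful login clears the counter
        self.last_activity[session_id] = now
        return "ok"

    def request(self, session_id):
        """Any web UI operation; allowed only if the session has not idled out."""
        now = self.clock()
        last = self.last_activity.get(session_id)
        if last is None or now - last >= self.idle_timeout:
            self.last_activity.pop(session_id, None)  # password required again
            return "redirect_to_login"
        self.last_activity[session_id] = now          # activity resets the idle timer
        return "ok"

if __name__ == "__main__":
    t = [0.0]                             # constructed fake clock, in seconds
    g = LoginGuard(clock=lambda: t[0])
    g.login("192.0.2.10", "s1", True)     # constructed source address and session id
    t[0] = 9 * 60; print(g.request("s1"))   # active within 10 minutes
    t[0] = 18 * 60; print(g.request("s1"))  # 9 minutes since the last operation
    t[0] = 28 * 60; print(g.request("s1"))  # 10 idle minutes have passed
```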


This manual is also suitable for:

UCM6202, UCM6204, UCM6208, UCM6102, UCM6510
