Maintenance
Advanced security
The Advanced security page (Maintenance > Advanced security) is used to configure the VCS for use in highly secure environments. This page can only be accessed if the Advanced Account Security option key is installed.
You can configure the system for:
- Advanced account security mode
- FIPS140-2 cryptographic mode
Configuring advanced account security mode
Enabling advanced account security limits login access to remotely authenticated users using the web interface only, and also restricts access to some system features. To indicate that the VCS is in advanced account security mode, any text specified as the Classification banner message is displayed on every web page.
Note that a system reboot is required for changes to the advanced account security mode to take effect.
Prerequisites
Before advanced account security mode can be enabled:
- the system must be configured to use remote account authentication for administrator accounts
- the Advanced Account Security option key must be installed
CAUTION: ensure that the remote directory service is working properly, as after advanced account security is enabled you will not be able to log in to the VCS via the local admin account or as root.
You are also recommended to configure your system so that:
- SNMP is disabled
- the session time out period is set to a non-zero value
- HTTPS client certificate validation is enabled
- user account LDAP server configuration uses TLS encryption and has certificate revocation list (CRL) checking set to All
- remote logging is disabled
- incident reporting is disabled
- any connection to an external manager uses HTTPS and has certificate checking enabled
Alarms are raised for any non-recommended configuration settings.
Enabling advanced account security
To enable advanced account security:
1. Go to Maintenance > Advanced security.
2. Enter a Classification banner.
The text entered here is displayed on every web page.
Cisco VCS Administrator Guide (X8.1.1)
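A pre-flight check of the prerequisites and recommended settings listed above, as an added example that is not part of the Cisco guide: it audits a settings snapshot and separates blocking prerequisites from the recommendations whose violation would raise alarms. The setting key names and the sample snapshot are hypothetical, constructed for illustration, and are not VCS configuration paths.

```python
# Added example: key names are hypothetical labels, not VCS configuration paths.
_MISSING = object()

def _ext_mgr_ok(v):
    # No external manager connection is fine; otherwise HTTPS + cert checking.
    return v is None or (isinstance(v, dict) and v.get("protocol") == "HTTPS"
                         and v.get("cert_check") is True)

# Must hold before advanced account security mode can be enabled.
PREREQUISITES = [
    ("admin_auth_source", lambda v: v == "remote",
     "administrator accounts must use remote account authentication"),
    ("advanced_account_security_key", lambda v: v is True,
     "Advanced Account Security option key must be installed"),
]
# Recommended settings; per the guide, deviations raise alarms.
RECOMMENDATIONS = [
    ("snmp_enabled", lambda v: v is False, "SNMP should be disabled"),
    ("session_timeout_minutes", lambda v: isinstance(v, int) and v > 0,
     "session time out period should be non-zero"),
    ("https_client_cert_validation", lambda v: v is True,
     "HTTPS client certificate validation should be enabled"),
    ("ldap_encryption", lambda v: v == "TLS", "LDAP should use TLS encryption"),
    ("ldap_crl_check", lambda v: v == "All", "LDAP CRL checking should be All"),
    ("remote_logging_enabled", lambda v: v is False, "remote logging should be disabled"),
    ("incident_reporting_enabled", lambda v: v is False, "incident reporting should be disabled"),
    ("external_manager", _ext_mgr_ok, "external manager needs HTTPS and certificate checking"),
]

def audit(settings):
    """Return (blockers, warnings); a missing setting fails closed."""
    def failed(rules):
        return [f"{key}: {msg}" for key, ok, msg in rules
                if settings.get(key, _MISSING) is _MISSING or not ok(settings[key])]
    return failed(PREREQUISITES), failed(RECOMMENDATIONS)

# Constructed sample snapshot (not real device output).
SAMPLE = {
    "admin_auth_source": "remote", "advanced_account_security_key": True,
    "snmp_enabled": True, "session_timeout_minutes": 0,
    "https_client_cert_validation": True, "ldap_encryption": "TLS",
    "ldap_crl_check": "None", "remote_logging_enabled": False,
    "incident_reporting_enabled": False,
    "external_manager": {"protocol": "HTTP", "cert_check": False},
}

if __name__ == "__main__":
    blockers, warnings = audit(SAMPLE)
    print("BLOCKERS:", blockers or "none")
    print("WARNINGS:", *warnings, sep="\n  ")
```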