Configuring Security

The Security Configuration screen enables you to modify the options available for security. Select System Configuration > System Management to view the Common Profile Configuration screen.

Tip:

The Common Profile folder appears in a tree-view on the left panel. The components are categorized as folders. Each folder contains all the field labels associated with that section.

To configure the fields associated with the Security section, click the Common Profile > Security folder in the left panel. The configurable fields associated with Security appear in the right panel.

Field Descriptions

The following table lists the fields available under Security:

Field or Control Name Description

Number of previous passwords that cannot be repeated

Enables you to configure the number of previous passwords that cannot be reused.

For example, if you enter 4 in this field, the system prevents the previous 4 passwords from being used again. The default value is 3.

Password rules:

  • The password should contain at least 2 non-alphanumeric characters.
  • The password should have at least 8 characters.
  • The previous 3 passwords cannot be repeated.
  • The account will be locked after 3 failed login attempts.

Number of non-alpha characters in password

Enables you to configure the number of non-alpha characters that should exist in a password. Non-alpha characters include characters such as @, $, etc. The default value is 2.

Note:

To avoid bad configuration, we recommend that the value of this switch is kept as 0 or 1 only.

Minimum number of characters in the password

Enables you to configure the minimum number of characters that a password must have. The default value is 8.

For example, if you enter 8 in this field, it configures the system to ensure that every password contains at least 8 characters.

Use Secure property for cookies

Enables you to select whether to use the Secure property for cookies.

Number of consecutive failed login attempts before account is locked out

Enables you to configure the number of consecutive failed login attempts that can be allowed before an account is locked out. The default value is 3.

For example, if you enter 3, it means that up to 3 consecutive failed login attempts are allowed. If the fourth consecutive login attempt also fails, the account gets locked out.
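The four Security fields can be read as one checkable policy. The sketch below is an added example, not code from the product: the names `SecurityProfile`, `remember`, `violations` and `LockoutCounter` are hypothetical, password history is assumed to be stored as salted PBKDF2 digests, and "non-alpha" is assumed to mean characters that are neither letters nor digits.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass
class SecurityProfile:
    """Hypothetical holder for the four Security fields, with the documented defaults."""
    history_depth: int = 3      # Number of previous passwords that cannot be repeated
    min_non_alpha: int = 2      # Number of non-alpha characters in password
    min_length: int = 8         # Minimum number of characters in the password
    max_failed_logins: int = 3  # Consecutive failed login attempts before lockout

def _digest(password, salt):
    # Assumption: history entries are salted PBKDF2 digests, never plain text.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def remember(password):
    """Build one (salt, digest) history entry for a password that was just set."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)

def violations(candidate, history, profile):
    """Return the names of the rules that the candidate password breaks."""
    broken = []
    if len(candidate) < profile.min_length:
        broken.append("min_length")
    # Assumption: "non-alpha" means neither letter nor digit, as in the rule list.
    if sum(not ch.isalnum() for ch in candidate) < profile.min_non_alpha:
        broken.append("min_non_alpha")
    recent = history[-profile.history_depth:] if profile.history_depth else []
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in recent):
        broken.append("history")
    return broken

class LockoutCounter:
    """Tracks consecutive failures for one account."""
    def __init__(self, profile):
        self.limit, self.failures, self.locked = profile.max_failed_logins, 0, False

    def record(self, success):
        """Record one login attempt and return True if the account is now locked."""
        if not self.locked:
            self.failures = 0 if success else self.failures + 1
            # As described above: `limit` failures are allowed, the next one locks.
            self.locked = self.failures > self.limit
        return self.locked
```

With the default profile, a password that was set four changes ago is accepted again, and a successful login resets the failure count before the lock is reached.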

Use the following procedure to configure security.

  1. Enter the value for the number of unique previous passwords in Number of previous passwords that cannot be repeated.
  2. Enter the value for the number of non-alpha characters in Number of non-alpha characters in password.
  3. Enter the value for the minimum number of characters for a password in Minimum number of characters in the password.
  4. Enter the value for the number of consecutive failed login attempts in Number of consecutive failed login attempts before account is locked out.
  5. Click Save to save the configured values.
  6. Click LDAP to configure the LDAP fields.

The configurable fields associated with LDAP appear in the right panel.

Field Descriptions

The following table lists and describes the fields available under LDAP:

Field or Control Name Description

Enable LDAP at system level

The available options are:

  • Yes
  • No

Use the following procedure to configure security:

  1. Select the option for Enable LDAP at system level.
  2. Click Yes to enable the LDAP Search Domain Account. This displays the LDAP Search Domain Account dialog.

    The following table describes the fields of the LDAP Search Domain Account dialog:

    Field or Control Name Description

    Use Secure Socket Layer

    If your LDAP Server is configured to use SSL for communication, select this check box. SSL enables secure communication between the client and the server using secure keys.

    Force Anonymous Binding for Search

    When setting up the LDAP Server, you have the option to force users to bind (authenticate) to the LDAP Server before they can search the LDAP Tree. If this option has been set up in your LDAP server, this option must be checked.

    UserDN

    During the setup of the LDAP server, the distinguished name and tree structure under which users are configured is created. Enter that structure, as defined in your LDAP server, in this box. This is required only if the server is set up for Force Anonymous Binding for Search.

    Password

    Enter the password for the user entered in the UserDN box for the bind to the server.

    Server Name

    Enter the name or IP address of the LDAP Server on which LDAP Authentication needs to occur.

    Port Number

    Enter the port on which the LDAP Authentication Services are enabled on the LDAP Server (Default Value: 389).

    BaseDN

    Enter the topmost distinguished name of the tree defined on the LDAP Server under which you want to search for users.

    Time Out (Sec)

    Enter a value in seconds, which will tell Argus how long to wait for a response from the LDAP Server during any authentication before timing out (Default Value: 10).

    LDAP Search Key

    Enter the key to authenticate the user name against in the LDAP Tree structure. For example, when using Microsoft Active Directory, to authenticate using the Windows Username (not Full Name), enter sAMAccountName.

    • If you select the Use Secure Socket Layer (SSL) checkbox, the Port Number is auto-populated with the value 636.
    • If this checkbox is not selected, the Port Number is auto-populated with the value 389.
    • A generic LDAP server can accept anonymous as well as non-anonymous binding, based on the configuration.
    • If the Force anonymous binding for search? checkbox is not selected, both UserDN and Password are enabled.
  3. Enter the LDAP username and password in the UserDN and Password fields, respectively.
  4. Enter the values for Server Name, Port Number, Base DN, Time Out and LDAP Search Key, as required.
    • The field length for Port Number and Time Out is 5 characters, while the Server Name, BaseDN, LDAP Search Key, UserDN and Password can be up to 255 characters.
  5. Click Save to save the changes made to this screen.
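The dialog values can be checked before they are saved, and the LDAP Search Key determines the filter used to look up a user. The sketch below is an added example, not the product's code: `LdapAccount` and its methods are hypothetical, the host and DN values are constructed, and it assumes the usual pattern of a simple bind followed by a search under BaseDN with a filter of the form (key=username).

```python
from dataclasses import dataclass

# RFC 4515 escapes for characters that are special inside a search filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

@dataclass
class LdapAccount:
    """Hypothetical mirror of the LDAP Search Domain Account dialog fields."""
    server_name: str
    base_dn: str
    search_key: str = "sAMAccountName"
    use_ssl: bool = False
    port: int = 0          # 0 means "use the auto-populated value"
    timeout_sec: int = 10
    user_dn: str = ""
    password: str = ""

    def __post_init__(self):
        if not self.port:
            self.port = 636 if self.use_ssl else 389

    def problems(self):
        """Return a list of findings; an empty list means the values are acceptable."""
        found = []
        for name in ("server_name", "base_dn", "search_key", "user_dn", "password"):
            if len(getattr(self, name)) > 255:
                found.append(name + " exceeds 255 characters")
        for name in ("port", "timeout_sec"):
            if len(str(getattr(self, name))) > 5:
                found.append(name + " exceeds 5 characters")
        if bool(self.user_dn) != bool(self.password):
            found.append("UserDN and Password must be entered together")
        # Assumption: the bind is an LDAP simple bind, which is clear text without SSL.
        if self.user_dn and not self.use_ssl:
            found.append("bind password is sent without SSL")
        return found

    def url(self):
        return f"{'ldaps' if self.use_ssl else 'ldap'}://{self.server_name}:{self.port}"

    def user_filter(self, username):
        """Filter that matches one user on the configured LDAP Search Key."""
        return f"({self.search_key}={escape_filter_value(username)})"
```

Escaping the user name keeps characters such as parentheses and asterisks from changing the meaning of the search filter.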

Configuring Cryptography within Common Profile > Security

Common Profile > Security > Cryptography contains two key settings:

  • Configured hashing algorithm to use - This setting determines the hashing algorithm that will be used in encrypting passwords.
  • De-optimizer counter for hashing routine - This setting determines the strength of encryption (for example, the higher the value of this setting, the stronger the encryption, and vice versa). The default/recommended value is 1000.
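Because both settings can be changed after passwords have been stored, each stored hash needs to carry the algorithm and counter it was created with. The sketch below is an added example, not the product's routine: the page does not name the construction, so PBKDF2-HMAC stands in for it, and `CONFIG`, the record layout and both function names are hypothetical.

```python
import hashlib, hmac, os

# Hypothetical mirror of the two Cryptography settings (counter default from the page).
CONFIG = {"algorithm": "sha256", "counter": 1000}

def hash_password(password, config=CONFIG):
    """Return a self-describing record: algorithm$counter$salt$digest (layout assumed)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(config["algorithm"], password.encode(),
                                 salt, config["counter"])
    return "$".join([config["algorithm"], str(config["counter"]),
                     salt.hex(), digest.hex()])

def verify_password(password, record, config=CONFIG):
    """Return (ok, needs_rehash); verification uses the parameters stored in the record."""
    algorithm, counter, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(algorithm, password.encode(),
                                 bytes.fromhex(salt_hex), int(counter))
    ok = hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    # A record made under an older algorithm or a lower counter still verifies,
    # and is flagged so it can be re-hashed with the current settings at login.
    stale = algorithm != config["algorithm"] or int(counter) < config["counter"]
    return ok, ok and stale
```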