Cisco Cisco Firepower Management Center 4000 Entwickleranleitung
2-3
FireSIGHT System Database Access Guide
Chapter 2 Setting Up Database Access
Enabling Database Access on the Defense Center
Note that you can externally create and authenticate External Database users, in which case the appliance
retrieves user credentials from an external repository, such as an LDAP directory server or RADIUS
authentication server. You manage password settings for these users on the external server. For detailed
information on external authentication, see the FireSIGHT System User Guide.
retrieves user credentials from an external repository, such as an LDAP directory server or RADIUS
authentication server. You manage password settings for these users on the external server. For detailed
information on external authentication, see the FireSIGHT System User Guide.
Enabling Database Access on the Defense Center
License:
Any
After you create an External Database user, you must configure the Defense Center to allow access to
the database on the appliance. You must also configure a database access list on the appliance and add
all host IP addresses that will query the external database.
the database on the appliance. You must also configure a database access list on the appliance and add
all host IP addresses that will query the external database.
To enable database access:
Access:
Admin
Table 2-1
User Account Password Options
Option
Description
Use External
Authentication Method
Authentication Method
Select this option if you want this user’s credentials to be externally
authenticated.
authenticated.
Note
If you select this option for the user and the external authentication
server is unavailable, that user can log into the web interface but
cannot access any functionality.
server is unavailable, that user can log into the web interface but
cannot access any functionality.
Maximum Number of
Failed Logins
Failed Logins
Enter an integer, without spaces, that determines the maximum number of
times each user can consecutively fail login attempts before the account is
locked. The default setting is five tries; use
times each user can consecutively fail login attempts before the account is
locked. The default setting is five tries; use
0
to allow an unlimited number
of failed logins.
Minimum Password
Length
Length
Enter an integer, without spaces, that determines the minimum required
length, in characters, of a user’s password. The default setting is
length, in characters, of a user’s password. The default setting is
8
. A value
of 0 indicates that no minimum length is required.
Days Until Password
Expiration
Expiration
Enter the number of days after which the user’s password expires. The
default setting is
default setting is
0
, which indicates that the password never expires.
Days Before Expiration
Warning
Warning
Enter the number of warning days users have to change their password
before their password actually expires. The default setting is
before their password actually expires. The default setting is
0
days.
Caution
The number of warning days must be less than the number of days
before the password expires.
before the password expires.
Force Password Reset
on Login
on Login
Select this option to force users to change their passwords the first time they
log in.
log in.
Check Password
Strength
Strength
Select this option to require strong passwords. A strong password must be at
least eight alphanumeric characters of mixed case and must include at least
one numeric character and one special character. It cannot be a word that
appears in a dictionary or include consecutive repeating characters.
least eight alphanumeric characters of mixed case and must include at least
one numeric character and one special character. It cannot be a word that
appears in a dictionary or include consecutive repeating characters.
Exempt from Browser
Session Timeout
Session Timeout
Select this option if you do not want a user’s login sessions to terminate due
to inactivity. Users with the Administrator role cannot be made exempt.
to inactivity. Users with the Administrator role cannot be made exempt.