Cisco Cisco TelePresence MCU 4510 Maintenance Manual
Field
Field description
Hide log
messages on
console
messages on
console
The serial console interface displays log messages. If that is considered to be a security
weakness in your environment, select this option to hide those messages.
weakness in your environment, select this option to hide those messages.
Disable serial
console input
during startup
console input
during startup
Enable this option for enhanced serial port security.
Require
administrator
login
administrator
login
Enable this option to require an administrator login by anyone attempting to connect to the MCU
via the console port. If this is not enabled, anyone with physical access to the device (or with
access to your terminal server) can potentially enter commands on the serial console.
via the console port. If this is not enabled, anyone with physical access to the device (or with
access to your terminal server) can potentially enter commands on the serial console.
Idle serial
console
session
timeout
console
session
timeout
If you enable Require administrator login, you can configure a session timeout period for idle
console sessions. The timeout value can be between 1 minute and 60 minutes.
console sessions. The timeout value can be between 1 minute and 60 minutes.
The administrator must log in again if a console session expires.
Usage recommendations for advanced account security
If you decide to enable advanced account security mode, we recommend that you first do the following:
n
Back up your configuration.
The MCU gives the option to create a backup file when it asks for confirmation of the advanced account
security request.
The MCU gives the option to create a backup file when it asks for confirmation of the advanced account
security request.
n
Rename the default administrator account.
This is especially important where the MCU is connected to the public Internet, because security attacks
often use "admin" when attempting to access a device with a public IP address. Even on a secure
network, if the default administrator account is "admin", it is possible for innocent attempts to log into the
MCU to cause the account to be locked out for 30 minutes.
This is especially important where the MCU is connected to the public Internet, because security attacks
often use "admin" when attempting to access a device with a public IP address. Even on a secure
network, if the default administrator account is "admin", it is possible for innocent attempts to log into the
MCU to cause the account to be locked out for 30 minutes.
n
Create several accounts with administrator privileges.
This ensures that if an administrator account is locked out, you have another account through which to
access the MCU.
This ensures that if an administrator account is locked out, you have another account through which to
access the MCU.
n
Create dedicated administrator accounts for each API application (if any) that accesses the MCU.
n
Update the device password in TMS before enabling the functionality on the MCU.
Password format and usage
In advanced account security mode, user passwords are subject to the following rules on format and usage:
n
At least fifteen characters.
n
At least two uppercase alphabetic characters.
n
At least two lowercase alphabetic characters.
n
At least two numeric characters.
n
At least two non-alphanumeric (special) characters.
n
Not more than two consecutive repeating characters (two repeating characters are allowed but three are
not).
not).
n
The password must be different from the previous 10 passwords used with the associated user account.
n
The password will expire if it is not changed within 60 days.
Cisco TelePresence MCU Series 4.5 Online Printable Help
Page 217 of 278
Configuring the MCU
Configuring security settings