Cisco Email Security Appliance C680 User Guide

Cisco AsyncOS 8.0.2 for Email User Guide
 
Chapter 28      Distributing Administrative Tasks 
  Configuring Access to the Email Security Appliance
Step 4
Submit and commit your changes.
You can also use the adminaccessconfig command in the CLI to configure the CLI session timeout. See the
Cisco AsyncOS 8.0.2 for Email CLI Reference Guide.
Adding a Login Banner
You can configure the Email Security appliance to display a message called a “login banner” when a user
attempts to log in to the appliance through SSH, Telnet, FTP, or the Web UI. The login banner is
customizable text that appears above the login prompt in the CLI and to the right of the login prompt in
the GUI. You can use the login banner to display internal security information or best practice
instructions for the appliance. For example, you can create a simple note saying that unauthorized
use of the appliance is prohibited, or a detailed warning concerning the organization’s right to review
changes made by the user to the appliance.
Use the adminaccessconfig > banner command in the CLI to create the login banner. The maximum
length of the login banner is 2000 characters to fit 80x25 consoles. A login banner can be imported from
a file in the /data/pub/configuration directory on the appliance. After creating the banner, commit
your changes.
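The following pre-import check for a banner file is an added example, not part of the Cisco guide or of AsyncOS. The function name check_banner and the sample text are constructed; the 2000-character limit comes from the guide, while the 80x25 row count and the printable-ASCII check are assumptions about what displays cleanly.

```python
import sys

MAX_CHARS = 2000     # maximum banner length stated in the guide
COLS, ROWS = 80, 25  # console size the guide cites; using it as a layout check is an assumption

# Constructed sample text, modelled on the guide's "unauthorized use is prohibited" suggestion.
SAMPLE_BANNER = (
    "NOTICE: Unauthorized use of this appliance is prohibited.\n"
    "Changes made to the appliance may be reviewed by the organization.\n"
)


def check_banner(text):
    """Return a list of problems with the banner text; an empty list means it passed."""
    problems = []
    if not text.strip():
        problems.append("banner is empty")
    if len(text) > MAX_CHARS:
        problems.append(f"{len(text)} characters exceeds the {MAX_CHARS}-character limit")
    # Assumption: anything outside printable ASCII (tabs, CR, accented letters) may not
    # render the same way across SSH, Telnet, FTP and the Web UI, so report it.
    odd = sorted({c for c in text if c != "\n" and not 32 <= ord(c) < 127})
    if odd:
        problems.append("characters outside printable ASCII: " + ", ".join(map(repr, odd)))
    # Rows the banner occupies once lines longer than COLS wrap (a blank line is one row).
    rows = sum(max(1, -(-len(line) // COLS)) for line in text.splitlines())
    if rows > ROWS:
        problems.append(f"{rows} rows will not fit a {COLS}x{ROWS} console")
    return problems


if __name__ == "__main__":
    # Usage: python check_banner.py banner.txt   (with no argument, checks the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", newline="") as fh:
            banner = fh.read()
    else:
        banner = SAMPLE_BANNER
    issues = check_banner(banner)
    for issue in issues:
        print("FAIL:", issue)
    sys.exit(1 if issues else 0)
```

Run it on the workstation where the banner text is drafted, before copying the file to the appliance for import.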
Configuring Cross-site Scripting Attack Protection
You can prevent attackers from injecting malicious scripts into the Web UI and CLI using the Cross-site
Scripting (XSS) attack protection feature.
You can use the adminaccessconfig > xss command in the CLI to enable this feature. The following CLI
transcript shows how to enable this feature.
mail.example.com> adminaccessconfig
Choose the operation you want to perform:
- BANNER - Configure login message (banner) for appliance administrator login.
- IPACCESS - Configure IP-based access for appliance administrative interface.
- CSRF - Configure web UI Cross-Site Request Forgeries protection.
- XSS - Configure Cross-Site Scripting Attack protection.
- HOSTHEADER - Configure option to use host header in HTTP requests.
- TIMEOUT - Configure GUI and CLI session inactivity timeout.
[]> xss
    Cross-Site Scripting Attack (XSS) protection is used to block unwanted scripts
    and protect against malicious script execution.
    For best security, it is recommended that XSS protection should
    be enabled.
    Cross-Site Scripting Attack protection is currently disabled.
Would you like to enable Cross-Site Scripting Attack protection?
Logging out and relogin will be required for changes to take place. [N]Y
After enabling this feature, you must log out and log in again (to Web UI or CLI) for the changes to take 
effect.