Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Maintenance
Cisco VCS Administrator Guide (X7.1)
Page 271 of 479
Advanced account security
The
Advanced account security
page (
Maintenance > Advanced account security
) is used to configure
the VCS for use in highly secure environments. This page can only be accessed if the Advanced Account
Security option key is installed.
Security option key is installed.
Enabling advanced account security limits login access to remotely authenticated users using the web
interface only, and also restricts access to some VCS features. To indicate that the VCS is in advanced
account security mode, any text specified as the Classification banner message is displayed on every web
page.
interface only, and also restricts access to some VCS features. To indicate that the VCS is in advanced
account security mode, any text specified as the Classification banner message is displayed on every web
page.
Note that a system reboot is required for changes to the advanced account security mode to take effect.
Prerequisites
Before advanced account security mode can be enabled, the VCS must be configured to use
for administrator accounts.
CAUTION
: ensure that the remote directory service is working properly, as after advanced account security
is enabled you will not be able to log in to the VCS via the local admin account or as root.
You are also recommended to configure your system so that:
n
is disabled
n
the
is set to a non-zero value
n
is enabled
n
configuration uses TLS encryption and has certificate revocation list (CRL)
checking set to All
n
is disabled
n
is disabled
n
any connection to an
uses HTTPS and has certificate checking enabled
Alarms are raised for any non-recommended configuration settings.
VCS functionality: changes and limitations
When in secure mode, the following changes and limitations to standard VCS functionality apply:
n
access over SSH, Telnet, and through the serial port is disabled and cannot be turned on
n
access over HTTPS is enabled and cannot be turned off
n
the command line interface (CLI) is unavailable
n
the root account, the admin account and any other local administrator accounts are disabled
n
if there are three consecutive failed attempts to log in (by the same or different users), login access to the
VCS is blocked for 60 seconds
VCS is blocked for 60 seconds
n
immediately after logging in, the current user is shown statistics of when they previously logged in and
details of any failed attempts to log in using that account
details of any failed attempts to log in using that account