 |
MSE 8220 |
| host: mcnc-ipvcr |
|
MSE 8220 |
| host: mcnc-ipvcr |
Help contents >
Advanced topics >
Understanding security warnings
|
Search/Print Index |
The page displays a list of active security warnings for the IP VCR. To access this information, go to . Security warnings identify potential weaknesses in the security of the IP VCR's configuration. For more information on configuring security settings, refer to Configuring security settings. For more detailed information on the security status, refer to Displaying security status.
The table below details the warnings that appear, and the relevant actions needed to rectify them.
| Warning | Action | Explanation |
|---|---|---|
| Advanced password security is disabled | Enable advanced account security mode in security settings |
If advanced account security mode is not enabled, passwords will be stored in plain text in the configuration file, and therefore be unsecure. To enable advanced account security mode, go to and enable Advanced account security mode. |
| Hide log messages on console is disabled |
Enable hide log messages on console in serial console settings |
To hide log messages on the console, go to and select Hide log messages on console. This will stop event messages appearing on the console. |
| Require administrator login to console is disabled |
Enable require administrator login in serial console settings |
You must log in using an admin account to access serial console commands, in this way the serial console will be more secure. To do this, go to and select Require administrator login. |
| Guest account is enabled |
Disable the guest account. |
By default the guest user account is assigned the privilege of 'conference list only', meaning that users who log in as guest can view the list of active conferences and change their own profile. Disabling the guest account makes the IP VCR more secure. To disable the guest account, go to and select Guest. Select Disable user account. |
| Admin account has default username |
Change the admin account username |
The IP VCR must have at least one configured user with administrator privileges. By default, the User ID is "admin" and no password is required. To change the admin account username, go to and select admin. Enter a new username in the User ID field and click . |
| Unsecured FTP service is enabled |
Disable FTP in network TCP services |
Information sent using FTP is unencrypted and sent in plain text; therefore, it is possible for people to discover usernames and passwords easily. To disable FTP, go to and encure FTP is not selected. |
| Unsecured HTTP service is enabled |
Disable HTTP in network TCP services |
Information sent using HTTP (Web) is unsecured and not encrypted. To disable HTTP, go to and ensure Web is not selected. We recommend that you select Secure web. |
| Unsecured SNMP service is enabled |
Disable SNMP in network UDP services |
Information sent using SNMP is unencrypted and sent in plain text; therefore, it is possible for people to discover usernames and passwords easily. To disable SNMP, go to and ensure SNMP is not selected. |
| Auto-refresh of web pages is enabled |
Change auto-refresh interval to "No auto-refresh" |
If your IP VCR is set to auto-refresh it could mean that on an idle IP VCR a session will never time out. To turn off auto-refresh, go to and change Status page auto-refresh interval to No auto-refresh. |
| Audit logging of configuration changes is disabled |
Enable the audit log |
If the audit log is disabled, the IP VCR will not create an audit log. To enable audit logs, go to and select . (See Working with the audit log.) For more information on the audit log, refer to Configuring security settings. |
| Audit logs hash check failed, audit system integrity compromised |
Check system configuration for possible security changes |
If audit logs checks fail, it is possible that your IP VCR has been compromised. For example, someone may have taken the compact flash card out and deleted some audit logs. For more information on the audit log, refer to Configuring security settings |
| Call encryption is disabled |
Enable call encryption |
When encryption status is Disabled, no calls on the IP VCR can use encryption. To enable encryption, go to . For Encryption status, select Enabled. |
| Audit log above 75% capacity |
Download and delete audit logs |
The audit log has a maximum capacity of 100,000 audit events, or the size limit of the compact flash card. When you are nearing either of these limits, the IP VCR will give you this warning. If you reach full capacity of the compact flash card, the IP VCR will 'wrap' meaning that older logs are deleted. To rectify this problem download and clear the audit log. To do this, go to and select . Once this has completed, click . |
| Audit log above 90% capacity |
Download and delete audit logs. |
The audit log has a maximum capacity of 100,000 audit events, or the size limit of the compact flash card. When you are nearing either of these limits, the IP VCR will give you this warning. If you reach full capacity of the compact flash card, the IP VCR will 'wrap' meaning that older logs are deleted. To rectify this problem download and clear the audit log. To do this, go to and select . Once this has completed, click . |
| Shell not secured for startup |
Disable the serial input during startup. |
If Disable serial input during startup isn't selected, the serial console is not protected during application startup. This means users will have access to debug services in the operating system. To disable this, go to , and select Disable serial input during startup. |
| (c) Copyright TANDBERG 2003-2011, License information |