![]() |
A Security Profile consists of a set of parameters that can be configured in order to have more control over the services that are active at any time.
• Secure - The Secure profile disables all protocols except sshv2, HTTPS and SSH to Serial Ports. Authentication to access Serial Ports is required and SSH root access is not allowed.NOTE: SSH root access is enabled when the security profile is set to Moderate or Open. If a Secured security profile is selected, you need to switch to a Custom security profile and enable the allow root access option.
• Moderate - The Moderate profile is the recommended security level. This profile enables sshv1, sshv2, HTTP, HTTPS, Telnet, SSH and Raw connections to the Serial Ports. In addition, ICMP and HTTP redirection to HTTPS are enabled. Authentication to access the serial ports is not required.
• Open - The Open profile enables all services such as Telnet, sshv1, sshv2, HTTP, HTTPS, SNMP, RPC, ICMP and Telnet, SSH and Raw connections to the Serial Ports. Authentication to access serial ports is not required.The Default Security Profile sets the parameters to same as Moderate profile. See the following tables for the list of enabled services when the Default security profile is used.The Custom Security Profile opens up a dialog box to allow custom configuration of individual protocols or services.NOTE: By default, a number of protocols and services are enabled in the Custom profile, however, they are configurable to user’s custom requirements.The following tables illustrate the properties for each of the Security Profiles. The enabled services in each profile is designated with a check mark.
The first step in configuring your ACS console server is to define a Security Profile. One of the following situations is applicable when you boot up the console server unit.
1. In this situation when you boot up your console server and log in as an administrator to the Web Manager, a security warning dialog box appears. The Web Manager is redirected to Step1: Security Profile in the Wizard mode. Further navigation to other sections of the Web Manager is not possible without selecting or configuring a Security Profile. Once you select or configure a Security Profile and save the changes, the console server restarts.In this situation the console server was already in use and certain configuration parameters were saved in the flash memory. In this case the console server automatically retrieves the Custom Security Profile parameters saved in the flash memory and behaves as it was a normal reboot.In this situation the system detects the pre-defined security profile. You can continue working in the Web Manager.All serial ports on ACS console servers shipped from the factory are disabled by default. The administrator can enable ports individually or collectively and assign specific users to individual ports. The following figure shows the default factory settings of serial ports.
• If you reconfigure the security profile and restart the Web manager, you need to make sure the serial ports protocols and access methods match the selected security profile.
• If the serial port connection protocol is incompatible with the selected security profile the following dialog box appears when you try to access Expert - Ports - Physical PortsThe following procedure assumes you have installed a new console server at your site or you have reset the unit to factory default.
1.
2. Review the Security Advisory and click the Close button.
4. Select a pre-defined Security Profile by pressing one of the Secure, Moderate, Open or Default profiles or create a Custom profile. The following dialog box appears when you select the Custom profile.CAUTION: Take the required precautions to understand the potential impacts of each individual service configured under the Custom profile.Once you select a security profile or configure a custom profile and apply the changes, the console server Web Manager restarts in order for the changes to take effect.
5. Select apply changes to save the configuration to Flash. The console server Web Manager restarts.