An important part of configuring the OnBoard is selecting a security profile that helps enforce the security policies of the organization where the OnBoard is being used.Each OnBoard has a security profile defined during initial configuration. The type of security profile selected by the OnBoard administrator controls the following:
• Whether a default authentication is specified for all subsequently-configured devices
• Whether authorizations are checked (bypassing authorizations is not available in any of the default security profiles, but it can be selected in a custom security profile)The administrative user defines the security profile during initial configuration. The security profile can be changed later. Services can also be turned on and off independently from the security profile. For more details, see OnBoard Services.The following tables describes the services that are enabled and disabled in the three types of preconfigured security profiles.Moderate Security Profile Services/ Features describes the “Moderate” security profile.
Default authentication type to access devices set to Local Moderate Security Profile Services/ Features describes the “Secured” security profile
Default authentication type to access devices set to Local Open Security Profile Services/Features describes the “Open” security profile
Default authentication type to access devices set to Local Services and Other Functions in the “Custom” Security Profile (Sheet 1 of 2) describes the services and other functionality that the administrator can select in the “Custom” security profile.
Override authorization—enable access based on authentication only
•
•
•
•
•
•
•
•
Selecting a default authentication type has the following effects after the customized security profile goes into effect: The specified authentication type is selected by default in the Web Manager when a new device is being configured; the specified authentication type is assigned by default to a new device configured using the cycli utility. The administrative user is always able to change the authentication type for each individual device while configuring it.