Introduction : OnBoard Appliance Security Profiles

OnBoard Appliance Security Profiles
Each OnBoard appliance has a security profile defined during initial configuration. The type of security profile selected by the OnBoard appliance administrator controls the following:
Whether authorizations are checked (bypassing authorizations is not available in any of the default security profiles, but it can be selected in a custom security profile)
The administrative user defines the security profile during initial configuration. The security profile can be changed later. Services can also be turned on and off independently from the security profile. For more details, see OnBoard Appliance Services.
Table 4.7 describes the services that are enabled and disabled in the preconfigured security profiles: moderate, secured and open.
If the administrator chooses to configure a custom security profile, the administrator can select among all the options listed in Table 4.7. In addition, the administrator can allow root logins using SSH, redirect HTTP to HTTPs, assign an alternate port to SSH, HTTP or HTTPS or select a default authentication type. After the customized security profile goes into effect, if a default authentication type is specified in a custom security profile, whenever a new device is configured the specified authentication type is selected by default in the Web Manager. Also, the specified authentication type is assigned by default to any new device configured using the cycli utility. The administrative user is always able to change the authentication type for each individual device.