HP Client Bridge M111 manual Security policies

Page 36

Working with the M111

Management tool

Security policies

Security policies affect both manager and operator accounts. Select from one of the following options:

Follow FIPS 140-2 guidelines: When selected, implements the following requirements from the FIPS 140-2 guidelines:

Passwords must be at least six characters long.

Passwords must contain at least four different characters.

For more information on these guidelines, refer to the Federal Information Processing Standards Publication (FIPS PUB) 140-2, Security Requirements for Cryptographic Modules.

Follow PCI DSS 1.2 guidelines: When selected, implements the following requirements from the PCI DSS 1.2 guidelines:

Passwords must be at least seven characters long.

Passwords must contain both numeric and alphabetic characters.

The settings under Login control must be configured as follows:

Lock access after nn login failures must be set to 6 or less.

Lock access for nn minutes must be set to 30 minutes or more.

The settings under Account inactivity logout must be configured as follows:

Timeout must be set to 15 minutes or less.

For more information on these guidelines, refer to the Payment Card Industry Data Security Standard v1.2 document.

Security

The management tool is protected by the following security features:

Allowed addresses: You can configure a list of subnets from which access to the management tool is permitted.

Active interfaces: You can enable or disable access to the management tool for each of the following:

Port 1

Wireless port

3-6

Image 36

Contents ProCurve 5400zl Switches HP ProCurve M111 Client Bridge Page HP ProCurve M111 Client Bridge Publication Number Contents Working with the M111 Field descriptions To assign a management address Resetting to factory defaults Regulatory informationViii Introduction About this guide Products coveredImportant terms ConventionsCommands and program listings Example DescriptionKey features Introducing the M111 Client BridgeSafety information Professional Installation RequiredServicing HP ProCurve Networking support Online documentationBefore contacting support Getting started Scenario 1 Connecting wired devices to a wireless network Deploying the M111Overview Configuration procedure Configure your computerConnect to the M111 Passwords Select Network DNSConfigure a station profile Connect the wired computers to the M111  The printer is configured with a static IP address Configure MAC cloning options Connect the wired device to the M111 Scenario 3 Connecting a serial device to a wireless network Configure the serial connection Getting started Getting started Working with the M111 802.1X certificates Certificate stores Certificate usage About passwords Management toolStarting the management tool Customizing management tool settings Manager and Operator accountsPasswords Security policies SecurityIP address configuration Web serverAuto-refresh To configure IP addressing Radio configuration Wireless rangeTo configure the radio Wireless modeRestrict channels to Antenna selection Fast roaming threshold Fast roaming delta thresholdScan channel delay Fast scan channel delayFast roaming threshold count Minimum SNR thresholdUsing station profiles to establish a wireless link Advanced wireless settingsTransmit power control RTS thresholdWorking with the M111 To add or edit a station profile GeneralWireless security Wireless protectionKey source EAP methodWorking with the M111 Quality of service Viewing APs in the neighborhoodEncryption type Ap1certificate or ap2certificateConfiguring Quality of Service QoS Access categoryField descriptions QoS settings in a station profile Priority mechanisms802.1p Differentiated Services DiffServ Very-high, high, normal, low priorityDisabled Creating IP QoS profilesTo define an IP QoS profile Upstream DiffServ taggingConnecting serial devices SettingsProfile name Protocol Start port/ End portSerial port connector To connect a serial deviceTransmit timeout Idle timeoutMode Remote IP addressDrop wireless link when port 1 is connected Data bitsParity bit Stop bitsDNS configuration Connection timeTx kbytes Rx kbytesDNS switch on server failure Dynamically assigned DNS serversOverride dynamically assigned DNS servers ServerDNS switch over Enable the Redirect unsupported traffic to optionHandling unsupported traffic To forward unsupported trafficCloning the address of a wired device IP forwardingLimitations Wireless access to the M111 when MAC cloning is active Enabling Ethernet MAC cloningSetting up management traffic interception Management tool TCP portSnmp agent UDP port Select Management SnmpUsing filters to restrict wireless traffic Enable the Wireless traffic filters optionSnmp notifications UDP port Remote log UDP portAssigning a management address To assign a management addressSnmp Attributes V1/v2c communitiesV3 users Managing certificates Notification receivers802.1X Install TLS client certificate PasswordInstall 802.1X certificatesCertificate stores 802.1X Manage TLS client certificates802.1X Trusted CA certificates 802.1X Manage CA certificatesInstalling a new CA certificate Trusted CA certificate storeCA certificate import formats Certificate and private key store END CertificateDefault installed private key/public key certificate chains Specify the Pkcs #12 passwordCertificate usage Changing the certificate assigned to a service About certificate warningsConfiguration file management Manual configuration file managementBackup configuration Reset configuration Restore configurationScheduled operations Software updates Performing an immediate software update Performing a scheduled updateSelect Install Enable Scheduled installWorking with the M111 Regulatory information Manufacturers FCC Declaration of Conformity Statement Countries of Operation & Conditions of Use Operation Using 5 GHz Channels in the European Community GHz OperationSupported External Antennas 5470Indoor or outdoor use 1000 124, 128, 132, 136 Antenna Band GHzDGT LPD Low Power Device Statement Resetting to factory defaults Using the Reset button Using the management toolHow it works Page Technology for better business outcomes