About Support Tools Security

Support Tools Security Features

Support Tools operates with the following security features/restrictions:
1. Access to Support Tools is limited to the local network. Remote access via the Internet is
not supported. Users must authenticate against the network in order to use Support Tools.
2. Users must login to the Support Tools Dashboard using their network ID and password,
or the ID and password of a valid Windows account.
Note: The Support Tools Login page uses SSL by default so that user passwords and all
communication between the server and the web client are encrypted and secure.
3. Within the Support Tools Dashboard, access to specic utilities is determined by Windo ws
User Group membership. Only members of the user group designated as the Support Tools
privileged group can use utilities capable of system modication from the Dashboard.
Non-privileged users are limited to information gathering functionality only. Note that
Support Tools utilities used outside of the Dashboard environment (namely, via
command-line) do not impose these levels of privilege.
The use of Support Tools utilities outside of the Dashboard environment (accessed via
command line interface on a node) is not controlled by a login/password. System
administrators can use Windows privileges to limit this method of access to specic users
or groups.
4. Optionally, to enhance security, on Windows 2003 systems, you can use Support Tools'
automated deployment of IPSecurity to authenticate requests from the Support Tools
Server to a node. Automated IPSec setup is not available on non-Windows 2003 systems,
but IPSec can be congured manually, if desired.
Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)
43
Chapter 6