Chapter 6

About Support Tools Security

Support Tools Security Features

Support Tools operates with the following security features/restrictions:

1.Access to Support Tools is limited to the local network. Remote access via the Internet is not supported. Users must authenticate against the network in order to use Support Tools.

2.Users must login to the Support Tools Dashboard using their network ID and password, or the ID and password of a valid Windows account.

Note: The Support Tools Login page uses SSL by default so that user passwords and all communication between the server and the web client are encrypted and secure.

3.Within the Support Tools Dashboard, access to specific utilities is determined by Windows User Group membership. Only members of the user group designated as the Support Tools privileged group can use utilities capable of system modification from the Dashboard.

Non-privileged users are limited to information gathering functionality only. Note that Support Tools utilities used outside of the Dashboard environment (namely, via command-line) do not impose these levels of privilege.

The use of Support Tools utilities outside of the Dashboard environment (accessed via command line interface on a node) is not controlled by a login/password. System administrators can use Windows privileges to limit this method of access to specific users or groups.

4.Optionally, to enhance security, on Windows 2003 systems, you can use Support Tools' automated deployment of IPSecurity to authenticate requests from the Support Tools Server to a node. Automated IPSec setup is not available on non-Windows 2003 systems, but IPSec can be configured manually, if desired.

Cisco Support Tools User Guide for Cisco Unified Software Release 2.1(1)

43

Page 57
Image 57
Cisco Systems 2.1(1) manual About Support Tools Security, Support Tools Security Features