User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 35 Getting Started with IPS Configuration
Managing User Accounts and Password Requirements
When previewing configurations, you can see changes to the user accounts by selecting
IPS(Delta – User Passwords). However, passwords are masked. For more information, see
Previewing Configurations, page 8-45.
If you are rolling back configurations, the user accounts are never rolled back. The current status
and configuration of user accounts do not change.
Tip
The IPS sensor can accept public keys for RSA authentication when logging into the device through an
SSH client. Each user has an associated list of authorized keys. Users can use these keys instead of
passwords. Security Manager ignores these keys during discovery and deployment. Thus, if keys are
configured, Security Manager does not remove the configuration.
Related Topics
Discovering Policies, page 5-12
Deploying Configurations in Non-Workflow Mode, page 8-29
Deploying Configurations in Workflow Mode, page 8-35
Understanding Configuration Rollback, page 8-59
Understanding Rollback for IPS and IOS IPS, page 8-62
Configuring IPS User Accounts
Use the User Accounts policy to configure local user accounts for IPS devices. Users can use these
accounts to log into the device. You can create new users, modify user privileges and passwords, and
delete users.
The user accounts policy should have at least these accounts:
cisco—An account named “cisco” must exist on the device and you cannot delete it.
An administrator account that Security Manager can use—Security Manager must be able to log into
the device to configure it. Typically, you create an account for this purpose. However, you have the
option of having Security Manager use the user account of the person deploying configurations to
log into the device. You can configure this using the Connect to Device Using option on the Tools
> Security Manager Administration > Device Communication page. See Device Communication
Page, page 11-16.
IPS user account configuration is more complicated than it seems. Before you configure IPS user
accounts, read the following topics:
Managing User Accounts and Password Requirements, page 35-13
Understanding IPS User Roles, page 35-13
Understanding Managed and Unmanaged IPS Passwords, page 35-14
Understanding How IPS Passwords are Discovered and Deployed, page 35-15
Configuring User Password Requirements, page 35-18
Configuring AAA Access Control for IPS Devices, page 35-19
Tips
Cisco IOS IPS devices use the same user accounts that are defined for the router. This procedure
does not apply to Cisco IOS IPS configurations.