Cisco TelePresence SX20 Quick Set

Administrator guide

Table of contents Introduction

Web interface Advanced settings Appendices

 

52

 

 

 

 

 

 

 

 

The Security settings

Security Audit Server Address

Enter the external/global IP-address to the audit syslog server. IPv6 is not supported. NOTE: Requires a restart of the system for any change to take effect.

Requires user role: AUDIT

Value space: <S: 0, 64>

Format: String with a maximum of 64 characters.

Example: Security Audit Server Address: ""

Security Audit Server Port

Enter the port of the syslog server that the system shall send its audit logs to. The default port is 514.

NOTE: Requires a restart of the system for any change to take effect.

Requires user role: AUDIT

Value space: <0..65535>

Range: Select a value from 0 to 65535.

Example: Security Audit Server Port: 514

Security Audit OnError Action

Describes what actions will be taken if connection to the syslog server is lost. This setting is only relevant if Security Audit Logging Mode is set to ExternalSecure.

NOTE: Requires a restart of the system for any change to take effect.

Requires user role: AUDIT

Value space: <Halt/Ignore>

Halt: If a halt condition is detected the unit is rebooted and only the auditor is allowed to operate the unit until the halt condition has passed. When the halt condition has passed the audit logs are re-spooled to the external server. Halt conditions are: A network breach (no physical link), no external syslog server running (or wrong server address or port), TLS authentication failed (if in use), local backup (re-spooling) log full.

Ignore: The system will continue its normal operation, and rotate internal logs when full. When connection is restored it will again send its audit logs to the syslog server.

Example: Security Audit OnError Action: Ignore

Security Audit Logging Mode

Describes where the audit logs are recorded or transmitted.

NOTE: Requires a restart of the system for any change to take effect.

Requires user role: AUDIT

Value space: <Off/Internal/External/ExternalSecure>

Off: No audit logging is performed.

Internal: The system records the audit logs to internal logs, and rotates logs when they are full.

External: The system sends the audit logs to an external audit syslog server. The external server must support TCP.

ExternalSecure: The system sends encrypted audit logs to an external audit server that is verified by a certificate in the Audit CA list. The Audit CA list file must be uploaded to the codec using the web interface. The common_name parameter of a certificate in the CA list must match the IP address of the syslog server.

Example: Security Audit Logging Mode: Off

Security Session ShowLastLogon

When logging in to the system using SSH or Telnet you will see the UserId, time and date of the last session that did a successful login.

Requires user role: ADMIN

Value space: <Off/On>

On: Set to On to enable the possibility to show information about the last session.

Off: Set to Off to disable the possibility to show information about the last session.

Example: Security Session ShowLastLogon: Off

Security Session InactivityTimeout

Determines how long the system will accept inactivity from the user before he is automatically logged out.

Requires user role: ADMIN

Value space: <0..10000>

Range: Select a value from 0 to 10000 seconds. 0 means that inactivity will not enforce automatically logout.

Example: Security Session InactivityTimeout: 0

D14908.01 SX20 Administrator Guide (TC5.1) 2012 FEBRUARY © 2012 Cisco Systems, Inc. All rights reserved.

www.cisco.com