Configuring security settings
Cisco TelePresence ISDN Gateway 2.1 Online help (Printable format) 89 of 135
The ISDN Gateway will hash passwords before storing them in the configura tion.xml file (see
Hashing passwords below)
The ISDN Gateway will demand that passwords fulfill certain criteria, usi ng a mixture of
alphanumeric and non-alphanumeric (special) characters ( see Password format below)
Passwords will expire after 60 days
A new password for an account must be different from the las t ten passwords used with that
account
The ISDN Gateway will disable a user's account if that user inc orrectly enters a password
three times consecutively. If this is an admin account, it is d isabled for 30 minutes; for any
other account, it is disabled indefinitely (or until you, th e administrator, re-enable the account
from the User page)
Non-administrator account holders are not allowed to change th eir password more than once
in any 24 hour period
Administrators can change any user account’s password and f orce any account to change its
password by selecting Force user to change password on next login on the User page.
Administrators can prevent any non-administrator account from changing its pas sword by
selecting Lock password on the User page.
The ISDN Gateway will disable any non-administrator account after a 30 day peri od of
account inactivity. To re-enable the account, you must edit tha t account's settings on the User
page
If you enable advanced security, all current passwords ( created when the ISDN Gateway was not in
advanced security mode) will expire and users must change them.
When using Advanced account security mode, we recomm end that you rename the default
administrator account. This is especially true where the ISD N Gateway is connected to the public
internet because security attacks will often use “admin” when attempting to access a device with a
public IP address. Even on a secure network, if the def ault administrator account is “admin”, it is not
inconceivable that innocent attempts to log into the ISDN Gate way will cause you to be locked out for
30 minutes.
We recommend that you create several accounts with adm inistrator privileges. This will mean that you
will have an account through which you can access the ISDN G ateway even if one administrator
account has been locked out.
If there are API applications accessing the ISDN Gatewa y, we recommend that you create dedicated
administrator accounts for each application.
In advanced security mode, if a user logs in with a correct but expired password the ISDN Gateway
asks that user to change the password. If the user choos es not to change it, that user is allowed two
more login attempts to change the password before the acc ount gets disabled.
Hashing passwords In advanced security mode, the ISDN Gateway will hash pas swords before storing them in the
configuration.xml file. The configuration.xml file is used f or backing up and restoring the configuration
of the ISDN Gateway (see Upgrading and backing up the ISDN G ateway). If you do not select to use
advanced password security, all user passwords are stor ed in plain text in the configuration.xml; this
might be a security issue. If you select to use advanced pas sword security, they will not be stored
anywhere on the ISDN Gateway in plain text; instead the p asswords will be stored as hash sums.
Note that hashing user passwords is an irreversible proces s.