Device security
2.6
Security configuration
36
UM Security BRS-2A
Release
8.7
05/2022
2.6.22
Configure logging
Configure logging:
Configure synchronization of the device system clock to a trusted source.
See the user manual "Configuration" on how to synchronize the device system clock to a trusted
source. If you use PTP (IEEE 1588), refer to the PTP chapters.
Configure logging severity levels.
The necessary settings depend on our security requirements. See the user manual
"Configuration" on how to configure logging severity levels.
Configure logging destinations:
–
The necessary settings depend on our security requirements. See the user manual
"Configuration" on how to configure logging destinations.
–
For log availability reasons, a remote destination, different from the location of the device,
may be preferable.
–
For log confidentiality reasons, an appropriately secured remote destination may be
preferable.
Note:
The audit trail function is always active and cannot be disabled. Neither can the audit trail be
deleted by resetting the device to the delivery state.
2.6.23
Configure dedicated login banners
Configure dedicated login banners:
Configure the GUI pre-login banner with only the minimal information necessary. If possible,
avoid any information that may help an attacker.
Configure the CLI pre-login banner with only the minimal information necessary. If possible,
avoid any information that may help an attacker.
Configure the CLI post-login banner with only the minimal information necessary.
2.6.24
Configure advanced device security
You can elect to configure the following advanced device security:
Disable access to the CLI service shell.
See the user manual "Configuration", chapter "User Interfaces" on how to disable access to the
CLI service shell
2.6.25
Configure advanced user authentication
You can also elect to configure the following advanced user authentication measures as needed:
Use 802.1X for user authentication.
See the user manual "Graphical User Interface" on how to configure 802.1X port security.
Use a dedicated authentication policy list
See the user manual "Graphical User Interface" on how to configure authentication policy of the
local IAS (Integrated Authentication Server).
Configure LDAP or RADIUS access instead of or in addition to the local IAS.
See the user manual "Graphical User Interface" on how to configure the authentication policy of
the device.
Summary of Contents for HIRSCHMANN HiOS-2A
Page 6: ...Contents 6 UM Security BRS 2A Release 8 7 05 2022 ...
Page 8: ...Document History 8 UM Security BRS 2A Release 8 7 05 2022 ...
Page 10: ...Safety instructions 10 UM Security BRS 2A Release 8 7 05 2022 ...
Page 54: ...Network security support 3 11 Configure logging 54 UM Security BRS 2A Release 8 7 05 2022 ...
Page 62: ...Index 62 UM Security BRS 2A Release 8 7 05 2022 ...
Page 66: ......