Configuring security settings

To configure security settings for the MCU, go to Settings > Security.

Hashing passwords
Security settings
Serial console settings
Usage recommendations for advanced account security

Hashing passwords

By default the MCU hashes user passwords before storing them in the configuration.xml file. Passwords are stored as hash sums and are not stored anywhere on the MCU in plain text.

Security settings

If you make any changes, click Update security settings when you finish.

Field	Field description
Advanced account security mode	Important! If you decide to enable advanced account security mode, you should first implement the recommendations below in Usage recommendations for advanced account security. Advanced account security has the following features: All current passwords (created when the MCU was not in advanced account security mode) will be expired and must be changed by the users when they next log in. The MCU will demand that passwords fulfil certain criteria (using a mixture of alphanumeric and non-alphanumeric characters) and will apply certain rules on expiring and changing passwords. The MCU will disable a user account after three consecutive incorrect password entry attempts. Administrator accounts are disabled for 30 minutes; other accounts are disabled indefinitely or until re-enabled by an administrator. The MCU will disable any non-administrator account that is inactive for 30 days. Administrators can re-enable the account from the User page. From the User page, administrators can also change the password for any user account, or enforce a password change by the user, or lock the password to prohibit password changes except by an administrator.
Redirect HTTP requests to HTTPS	Enable this option to have HTTP requests to the MCU automatically redirected to HTTPS. The option is unavailable if either HTTP or HTTPS access is disabled on the Network > Services page.
Idle web session timeout	The timeout setting for idle web sessions, which can be set to a value between 1 minute and 60 minutes. If a web session expires, the user must log in again. Status web pages that auto-refresh will keep a web session active indefinitely. You can configure the MCU not to auto-refresh those pages, from the Settings > User interface page.

Field

Field description

Advanced account security mode

Important! If you decide to enable advanced account security mode, you should first implement the recommendations below in Usage recommendations for advanced account security.

Advanced account security has the following features:

All current passwords (created when the MCU was not in advanced account security mode) will be expired and must be changed by the users when they next log in.
The MCU will demand that passwords fulfil certain criteria (using a mixture of alphanumeric and non-alphanumeric characters) and will apply certain rules on expiring and changing passwords.
The MCU will disable a user account after three consecutive incorrect password entry attempts. Administrator accounts are disabled for 30 minutes; other accounts are disabled indefinitely or until re-enabled by an administrator.
The MCU will disable any non-administrator account that is inactive for 30 days. Administrators can re-enable the account from the User page.
From the User page, administrators can also change the password for any user account, or enforce a password change by the user, or lock the password to prohibit password changes except by an administrator.

Redirect HTTP requests to HTTPS

Enable this option to have HTTP requests to the MCU automatically redirected to HTTPS. The option is unavailable if either HTTP or HTTPS access is disabled on the Network > Services page.

Idle web session timeout

The timeout setting for idle web sessions, which can be set to a value between 1 minute and 60 minutes. If a web session expires, the user must log in again.

Status web pages that auto-refresh will keep a web session active indefinitely. You can configure the MCU not to auto-refresh those pages, from the Settings > User interface page.

Serial console settings

If you make any changes, click Update console settings when you finish.

Field	Field description
Hide log messages on console	The serial console interface displays log messages. If that is considered to be a security weakness in your environment, select this option to hide those messages.
Disable serial console input during startup	Enable this option for enhanced serial port security.
Require administrator login	Enable this option to require an administrator login by anyone attempting to connect to the MCU via the console port. If this is not enabled, anyone with physical access to the device (or with access to your terminal server) can potentially enter commands on the serial console.
Idle serial console session timeout	If you enable Require administrator login, you can configure a session timeout period for idle console sessions. The timeout value can be between 1 minute and 60 minutes. The administrator must log in again if a console session expires.

Usage recommendations for advanced account security

If you decide to enable advanced account security mode, we recommend that you first do the following:

Back up your configuration.

The MCU gives the option to create a backup file when it asks for confirmation of the advanced account security request.
Rename the default administrator account.

This is especially important where the MCU is connected to the public Internet, because security attacks often use "admin" when attempting to access a device with a public IP address. Even on a secure network, if the default administrator account is "admin", it is possible for innocent attempts to log into the MCU to cause the account to be locked out for 30 minutes.
Create several accounts with administrator privileges.

This ensures that if an administrator account is locked out, you have another account through which to access the MCU.
Create dedicated administrator accounts for each API application (if any) that accesses the MCU.
Update the device password in TMS before enabling the functionality on the MCU.

Password format and usage

In advanced account security mode, user passwords are subject to the following rules on format and usage:

At least fifteen characters.
At least two uppercase alphabetic characters.
At least two lowercase alphabetic characters.
At least two numeric characters.
At least two non-alphanumeric (special) characters.
Not more than two consecutive repeating characters (two repeating characters are allowed but three are not).
The password must be different from the previous 10 passwords used with the associated user account.
The password will expire if it is not changed within 60 days.
Except for users with administrator privileges, the password may not be changed more than once in 24 hours.

Note: If the MCU is configured to require certificate-based login only (Require client certificate login is enabled for HTTPS on the Network > SSL certificates page) every user account still requires a password to be defined, and the rules on password format and usage, including changing within 60 days, still apply.

Expired passwords

In advanced account security mode, if a user logs in with a correct but expired password, the MCU will prompt the user to change the password. If the user chooses not to change it, the user is allowed two more login attempts to change the password before the account is disabled.