Specifications
Terminal (Program Port/Telnet) Commands
107
NI & DVX Central Controllers - WebConsole & Programming Guide
Terminal Commands (Cont.)
Command Description
SET SECURITY PROFILE Secure:
• Unsecured interface ports are disabled including HTTP, Telnet and FTP. Only
HTTPS and SSH and terminal user ports are available.
• All user access requires a username/password login including HTTPS, SSH and
terminal.
• NetLinx/ICSP security is enabled requiring all NetLinx devices connecting with
the Master to provide username/password authentication and encryption.
• Passwords must conform to a stricter set of requirements. They must be at least
8 characters long and contain at least one upper and one lower case alpha, one
numeric and one special character (excluding the blankspace).
Allowed Special Characters:
The following special characters are allowed for use in User Name and Password
entries:
! ” # $ % & ’ ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
Also allowed are any printable ASCII characters (including "space"): A-Z, a-z, 0-9.
• Passwords cannot contain back-to-back duplicate characters.
• To ensure all account passwords conform to the new standard, all existing user
accounts are deleted and the built-in 'administrator' and 'netlinx' account
passwords are set to the secure default of 'Amx1234!'
• Failed login attempts will force a 4 second delay before a subsequent login
attempt can occur.
• Three consecutive login failures from any location will cause a 15 minute lockout
for the specified user account.
• If a banner.txt file is present in the Master's /user directory, the text from the
banner.txt file will be included on the Master's Web login prompt.
• All user account access will be timed out after at most 15 minutes of inactivity by
the user. Any activity after the timeout will cause the login prompt to be displayed
and login will be required to regain access. The inactivity timer on an SSH and
terminal session will be disabled if "msg on" logging is active.
• All account access including successful and failed logins and logouts will be
recorded in persistent storage. Audit records will be retained for 90 days. The
current audit logs can be viewed via SSH or terminal sessions using the "show
audit log" command. The audit log can be manually cleared from SSH or terminal
session using the "clear audit log" command.
DoD:
DoD security profile has all of the security specifications of "secure" profile along
with the following additional features:
• The default Web login banner text consists of the following: "This is a Department
of Defense (DOD) computer system provided only for authorized U.S.
Government use. This system may be monitored for all lawful purposes. All
information, including personal information, placed on or sent over this system,
may be monitored. Use of this DOD computer system, authorized or
unauthorized, constitutes consent to monitoring of this system. Unauthorized use
may subject you to criminal prosecution and penalties."
• The default Web login banner text can be overridden by providing a banner.txt file
in the /user directory.
• The SSH and terminal interface will display the following banner after a
successful login: "DOD use only! Subject to monitoring, reporting, prosecution,
and penalties."