Specifications
Terminal (Program Port/Telnet) Commands
101
NX-Series Controllers - WebConsole & Programming Guide
Terminal Commands (Cont.)
Command Description
SET SECURITY PROFILE Sets a pre-defined Security Profile (a grouped set of security settings). The Security
Profile can be set to "none" (default setting), "Secure", or "DOD" (see below).
Note: The Security Profile can only be configured via the terminal interface of the
Master's Program port.
Example:
set security profile
When you press Enter, the system responds with:
Current Security Profile = 0 (none)
Enter new security profile (0=none, 1=secure, 2=DOD):
Once you enter a value and press Enter, the system responds with:
New security profile set, reboot the Master for change to fully take
effect.
The three Security Profiles are described below:
None (default):
• No security is enabled and all Master interface ports are available including
HTTP, HTTPS, Telnet, SSH, FTP and terminal access.
• Logins are not required on the Master's Web, Telnet and terminal interfaces.
This is the default out-of-the-box configuration.Secure:
• Unsecured interface ports are disabled including HTTP, Telnet and FTP. Only
HTTPS and SSH and terminal user ports are available.
• All user access requires a username/password login including HTTPS, SSH and
terminal.
• NetLinx/ICSP security is enabled requiring all NetLinx devices connecting with
the Master to provide username/password authentication and encryption.
• Passwords must conform to a stricter set of requirements. They must be at least
8 characters long and contain at least one upper and one lower case alpha, one
numeric and one special character (excluding the blankspace).
Allowed Special Characters:
The following special characters are allowed for use in User Name and Password
entries:
! ” # $ % & ’ ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~
Also allowed are any printable ASCII characters (including "space"): A-Z, a-z, 0-9.
• Passwords cannot contain back-to-back duplicate characters.
• To ensure all account passwords conform to the new standard, all existing user
accounts are deleted and the built-in 'administrator' and 'netlinx' account
passwords are set to the secure default of 'Amx1234!'
• Failed login attempts will force a 4 second delay before a subsequent login
attempt can occur.
• Three consecutive login failures from any location will cause a 15 minute lockout
for the specified user account.
• If a banner.txt file is present in the Master's /user directory, the text from the
banner.txt file will be included on the Master's Web login prompt.
• All user account access will be timed out after at most 15 minutes of inactivity by
the user. Any activity after the timeout will cause the login prompt to be displayed
and login will be required to regain access. The inactivity timer on an SSH and
terminal session will be disabled if "msg on" logging is active.
• All account access including successful and failed logins and logouts will be
recorded in persistent storage. Audit records will be retained for 90 days. The
current audit logs can be viewed via SSH or terminal sessions using the "show
audit log" command. The audit log can be manually cleared from SSH or terminal
session using the "clear audit log" command.