Technical information
Detecting Toll Fraud
Issue 7 June 2001
Forced Password Aging and Administrable Logins
DEFINITY G3V3 and later releases, which include DEFINITY ECS, provide two
features for enhanced login/password security. The first, Forced Password Aging,
is a feature that the superuser administering the logins may activate. The
password for each login can be aged starting with the date the password was
created or changed, and continuing for a specified number of days, from 1 to 99.
A user is notified at login, seven days before the password expiration date, that
his or her password is about to expire. When the password expires, the user is
required to enter a new password into the system to complete the login process.
Once a non-superuser has changed his/her password, the user must wait 24
hours to change the password again.
When a login is added or removed, the Security Measurement reports will not be
updated until the next hourly poll, or until a clear measurements
security-violations command has been entered.
The second feature, Administrable Logins, allows users to define their own
logins/passwords and allows superusers to specify a set of commands for each
login. The system will allow up to 11 customer logins, each of which can be
customized. Each login must be 3 to 6 alphabetic/numeric characters, or a
combination of both. A password must be 4 to 11 characters and contain at least
one alphabetic and one numeric symbol. Passwords can also contain any of the
following symbols: ! & * ? ; ’ ^ ( ) , . : - @ # $ %
NOTE:
The Monitor Security Violation Login tool is used to show the invalid login
used and the date, time, and port that was used.
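The login, password and aging limits described above can be checked against a planned set of logins before they are administered. The following Python code is an added example, not part of the original document or of the DEFINITY software; the function names, the sample plan, the ASCII reading of the apostrophe in the symbol list, and the handling of aging intervals shorter than seven days are assumptions.

```python
import string
from datetime import date, timedelta

ALNUM = set(string.ascii_letters + string.digits)
# Assumption: the apostrophe in the symbol list above is the ASCII character.
SYMBOLS = set("!&*?;'^(),.:-@#$%")
MAX_LOGINS, WARNING_DAYS = 11, 7


def check_login(login):
    """Login: 3 to 6 alphabetic/numeric characters."""
    if 3 <= len(login) <= 6 and set(login) <= ALNUM:
        return []
    return ["login must be 3 to 6 alphabetic/numeric characters"]


def check_password(pw):
    """Password: 4 to 11 characters, at least one letter and one digit."""
    problems = []
    if not 4 <= len(pw) <= 11:
        problems.append("password must be 4 to 11 characters")
    if not any(c in string.ascii_letters for c in pw):
        problems.append("password needs an alphabetic character")
    if not any(c in string.digits for c in pw):
        problems.append("password needs a numeric character")
    if set(pw) - ALNUM - SYMBOLS:
        problems.append("password contains a character outside the allowed set")
    return problems


def aging_schedule(changed_on, aging_days):
    """Return (first warning date, expiration date) for a password."""
    if not 1 <= aging_days <= 99:
        raise ValueError("aging interval must be 1 to 99 days")
    expires = changed_on + timedelta(days=aging_days)
    # Assumption: with an interval under 7 days the warning starts at once.
    return max(changed_on, expires - timedelta(days=WARNING_DAYS)), expires


def audit_plan(plan):
    """plan: list of (login, password) pairs; returns {login: [problems]}."""
    findings = {}
    if len(plan) > MAX_LOGINS:
        findings["*"] = ["more than 11 customer logins planned"]
    for login, pw in plan:
        problems = check_login(login) + check_password(pw)
        if problems:
            findings[login] = problems
    return findings


# Constructed sample plan, not taken from any real system.
PLAN = [("ops1", "blue7;sky"), ("helpdesk", "abcdefgh"), ("adm", "12")]
```

Calling audit_plan(PLAN) reports only the entries that break a rule, and aging_schedule(date, days) gives the dates on which the expiration warning begins and the password expires.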
New shipments of the DEFINITY G3V3 and later are shipped from the factory with
no customer logins and/or passwords defined. One customer superuser password
is administered during installation. The customer must administer additional
logins/passwords as needed. The superuser login has full customer permissions
and can customize any login he or she creates.
On upgrades to the DEFINITY G3V3 or later, which includes DEFINITY ECS,
customer logins and passwords are carried forward. Password aging is set to one
day, and customers must customize their logins/passwords following upgrades.
Login permissions for a specified login can be set by the superuser to block any
object that can affect the health of the switch. Up to 40 administration or
maintenance objects (commands) can be blocked for a specified login. When an
object (administrative or maintenance command) is entered in the blocked object
list on the Command Permissions Categories Restricted Object List form, the
associated administrative or maintenance actions cannot be performed by the
specified login.