User`s guide
Administrator’s Guide for Polycom HDX Systems
8–36 Polycom, Inc.
Setting Account and Port Lockouts
HDX systems provide access controls that prevent unauthorized use of the
system. One way someone might try to discover valid user names and
passwords is by exhaustively attempting to log in, varying the user name and
password data in a programmatic way until discovering a combination that
succeeds. Such a method is called a “brute-force” attack.
To mitigate the risk of such an attack, two access control mechanisms are
available on HDX systems. The first type of access control, Account Lockout,
is used in conjunction with external authentication, while the second, Port
Lockout, is used when external authentication is not active. Refer to Enabling
External Authentication on page 8-34 for more information.
Account Lockout
Account Lockout temporarily locks an account from accepting logins after a
configurable number of unsuccessful attempts to log in to that account. It is
available only when external authentication is enabled, but protects only the
local HDX system’s Admin and User local accounts. The Active Directory
Server protects Active Directory accounts.
HDX systems provide separate account lockout controls for each of their local
accounts, which are named Admin and User. The account lock can be invoked
due to failed logins on any of the following login ports:
• Local interface
• Web interface
Active Directory Admin
Group
Specifies the Active Directory group whose
members should have access to the Admin
settings on the HDX system. This name must
exactly match the name in the Active Directory
server for authentication to succeed.
Active Directory User Group Specifies the Active Directory group whose
members should have access to the User
settings on the HDX system. This name must
exactly match the name in the Active Directory
server for authentication to succeed.
If external authentication is not active after completing these steps, go to Admin
Settings > LAN Properties and ensure that the Domain Name setting contains
the name of your Active Directory domain.
Setting Description