Security faqs – Raritan Computer CCA-0N-V5.1-E User Manual

Appendix I: FAQs

Question

Answer

for authentication with directory services and security tools such as LDAP, AD, RADIUS, and so on?

authentication.

Remote authentication servers supported include: AD, TACACS+, RADIUS, and LDAP.

Why does the error message "Incorrect username and/or password" appear after I correctly enter a valid username and password to log into CC-SG?

Check the user account in AD. If the account's "Logon To" setting in AD restricts it to specific computers on the domain, AD does not allow you to log into CC-SG. In this case, remove the "Logon To" restriction in AD.

Security FAQs

Question

Answer

Security

Sometimes when I try to log in, I receive a message that states my “login is incorrect” even though I am sure I am entering the correct username and password. Why is this?

CC-SG sends out a session-specific ID each time you begin to log in. This ID has a time-out feature, so if you do not log into the unit before the time-out occurs, the session ID becomes invalid. Performing a Shift-Reload refreshes the page from CC-SG, or you may close the current browser, open a new browser, and log in again. This provides an additional security feature so that no one can recall information stored in the web cache to access the unit.
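
The following Python example is added for illustration; it is not Raritan's code and does not describe CC-SG internals. It shows one way a server can issue a login ID that expires and is accepted only once, so that a cached or stale login page is rejected. The class name, the HMAC construction and the 120-second time-out are assumptions.

```python
import hashlib
import hmac
import secrets
import time

LOGIN_ID_TTL = 120  # seconds; assumed value, the manual does not state CC-SG's time-out


class LoginIdIssuer:
    """Issues a fresh ID with every login page and accepts it once, before it expires."""

    def __init__(self, ttl=LOGIN_ID_TTL):
        self._key = secrets.token_bytes(32)  # server-side secret, never sent to the browser
        self._ttl = ttl
        self._used = {}  # nonce -> expiry time, so a spent ID cannot be replayed

    def _sign(self, nonce, issued):
        msg = f"{nonce}.{issued}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, now=None):
        """Return the ID embedded in a freshly served login page."""
        issued = int(time.time() if now is None else now)
        nonce = secrets.token_urlsafe(16)
        return f"{nonce}.{issued}.{self._sign(nonce, issued)}"

    def check(self, login_id, now=None):
        """Return 'ok', 'expired', 'replayed' or 'invalid' for a submitted ID."""
        now = int(time.time() if now is None else now)
        parts = login_id.split(".")
        if len(parts) != 3 or not parts[1].isdecimal():
            return "invalid"
        nonce, issued, tag = parts[0], int(parts[1]), parts[2]
        if not hmac.compare_digest(tag.encode(), self._sign(nonce, issued).encode()):
            return "invalid"  # forged or altered ID
        if now - issued > self._ttl:
            return "expired"  # page came from a cache or sat open too long
        if nonce in self._used:
            return "replayed"
        self._used[nonce] = issued + self._ttl
        # Forget spent nonces once they could no longer pass the expiry check anyway.
        self._used = {n: exp for n, exp in self._used.items() if exp >= now}
        return "ok"
```

An "expired" result corresponds to the case in the answer above: the user reloads the page, receives a new ID from `issue()`, and logs in again.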

How is a password secured?

Passwords are hashed using MD5, which is a one-way hash. This provides additional security to prevent unauthorized users from accessing the password list.

Sometimes I receive a “No longer logged in” message when I click any menu in CC-SG, after leaving my workstation idle for a period of time. Why?

CC-SG times each user session. If no activity occurs for a pre-defined period of time, CC-SG logs the user out. The length of the time period is pre-set to 60 minutes, but it can be reconfigured. It is recommended that users exit CC-SG when they finish a session.

As Raritan has root access to the server, this may potentially cause issues with government bodies. Can customers also have root access, or can Raritan provide a method of auditability/accountability?

No party will have root access to the server once the unit is shipped out of Raritan, Inc.

Is SSL encryption internal as

Both. The session is encrypted regardless of source,