Certificate – Raritan Computer Raritan ASMI G4 User Manual
Page 79

Chapter 6. Menu Options
IP Access Control
This section contains settings for the ASMI module’s built-in firewall. The firewall can be enabled
or disabled. When enabled the firewall allows you to explicitly block or allow connections from
certain client IP addresses.
If the default policy is set to DROP, a list of IP addresses or address ranges can be configured to be
exceptionally ACCEPTed. When the default policy is set to ACCEPT, a list of IP addresses or
address ranges can be configured to be exceptionally DROPped.
Tip: It is a good idea to DROP everything and then only ACCEPT a few connections. This is a
lot more secure, than the other way around.
The network or address range has to be configured in CIDR (Classless Inter-Domain Routing)
notation, e.g. 192.168.1.0/24. It has to consist of a IP address followed by a slash and the number of
relevant bits belonging to the network or address range (counting from the left).
Group Based System Access Control
This is similar to the option above, except that you can specify a group of IP addresses and not a
network with a network mask.
User Blocking
When someone attempts to login to the ASMI module and fails, you can specify how many failed
login attempts the ASMI module should tolerate before waiting for the specified number of "Block
Time" minutes before it allows further logins. This is useful for blocking automated hacking and
cracking attempts.
Login Limitations
You can specify if only a single user is allowed to login to the ASMI module at one time. Note that
if you do so, this greatly reduces the usefulness of for example the chat window, because you can
then only talk to yourself. Also if another administrator is logged in from a different location, then
you will be blocked acessing the ASMI module.
Password aging is the time interval at which users are required to change their password. Some
systems refer to this as "Password Expiry".
70
