The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.

Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.

Note

Modifying the Global Security Options is available only to users with administrator level access.

Password Recovery for SBC SWe Lite

To recover a lost password:

Password Resets and New Users

After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).

New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.

Password Lockout

When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration, however if the SBC is rebooted, the lockout is terminated.

REST Users

Unlike the various WebUI access users (Admin, Read-Only, etc.), REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.

Working with Global Security Options

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Security > Users > Global Security Options.

    Global Security Configuration

     

Global Security Options - Field Definitions

Enhanced Password Security

Used to enable and disable Global Security Options.

Minimum Password Length

Specifies the minimum number of characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Upper Case Characters

Specifies the minimum number of upper case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Lower Case Characters

Specifies the minimum number of lower case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Digit Characters

Specifies the minimum number of numeric characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Special Characters

Specifies the minimum number of special characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Mimimum Delta Previous Password

Specifies the minimum number of characters which must be different from the previous password. This field is only available when Enhanced Password Security is enabled.

Maximum Consecutive Characters

Specifies the maximum number of times any character may appear consecutively in a password. This field is only available when Enhanced Password Security is enabled.

Set Password Lifetime

Enables and disables password lifetimes.

Maximum Password Lifetime

Specifies the maximum lifetime of a password in days. This field is only available when Set Password Lifetime is enabled.

Note

Users are required to enter a new conforming password at the next login subsequent to the expiration of their current password's lifetime.
Although a user may not log into the SBC until they update their password, their account is not disabled.

Number Failed Logins To Lockout

Specifies the maximum number of failed log in attempts before the SBC locks out the user.

Lockout Duration

Specifies the period of time, in minutes, the user is locked out of the SBC after reaching the maximum number of failed log in attempts.

Password Recovery

Enables/disables the Password Recovery mechanism for Admin passwords. If this field is set to True, you are able to initiate the password recovery mechanism for loss of the Admin password. Default entry: False.

For detailed information, see Recovering Admin Passwords.