The Global Security Options feature allows you to compel users to select strong passwords and set password lifetimes. The SBC 1000/2000 also incorporates several anti-hacking features that help prevent unauthorized access. The restrictions and limits set by this feature apply to local users only.

Password construction and lifetimes for AD and RADIUS users are controlled by their respective authorization schemes. However, RADIUS and AD users are still subject to lockouts due to failed login attempts.

Note

Modifying the Global Security Options is available only to users with administrator level access.

Password Recovery for SBC SWe Lite

To recover a lost password:

  • First check with other members of your organization who have Administrator privileges and have them assist you.
  • If this is not possible, see Contacting Ribbon.

Password Resets and New Users

After the administrator adds a new user, that user is prompted to enter a new password the first time they log into the SBC 1000/2000. Also, if an administrator resets a current user's password, the user's current session is terminated and the user is then prompted to enter a new password (compulsory password change).

New password entry is forced in these situations and the user will not be allowed to proceed with the login process until they have correctly entered a new password.

Password Lockout

When a user exceeds the maximum number of failed attempts, they are locked out of the system for the time specified in the configuration, however if the SBC 1000/2000 is rebooted, the lockout is terminated.

REST Users

Unlike the various WebUI access users (Admin, Read-Only, etc.), REST users are not subject to the constraints of password complexity, forced password reset, or password lifetimes.

Working with Global Security Options


  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, go to Security > Users > Global Security Options.
  3. Configure the fields. See below for guidance.

  4. Click Apply.

    Global Security Configuration

Global Security Options - Field Definitions

FieldDefinition

Enhanced Password Security

Used to enable and disable Global Security Options.

Minimum Password Length

Specifies the minimum number of characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Upper Case Characters

Specifies the minimum number of upper case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Lower Case Characters

Specifies the minimum number of lower case alphabetical characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Digit Characters

Specifies the minimum number of numeric characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Special Characters

Specifies the minimum number of special characters which must appear in a valid password. This field is only available when Enhanced Password Security is enabled.

Minimum Delta Previous Password

Specifies the minimum number of characters which must be different from the previous password. This field is only available when Enhanced Password Security is enabled.

Maximum Consecutive Characters

Specifies the maximum number of times any character may appear consecutively in a password. This field is only available when Enhanced Password Security is enabled.

Set Password Lifetime

Enables and disables password lifetimes.

Maximum Password Lifetime

Specifies the maximum lifetime of a password in days. This field is only available when Set Password Lifetime is enabled.

Note: Users are required to enter a new conforming password at the next login subsequent to the expiration of their current password's lifetime. Although a user may not log into the SBC until they update their password, their account is not disabled.

Number Failed Logins To Lockout Specifies the maximum number of failed log in attempts before the SBC locks out the user.
Lockout Duration Specifies the period of time, in minutes, the user is locked out of the SBC after reaching the maximum number of failed log in attempts.

Password Recovery

Enables/disables the Password Recovery mechanism for Admin passwords. If this field is set to True, you are able to initiate the password recovery mechanism for loss of the Admin password. Default entry: False.

For detailed information, see Recovering Admin Passwords.

This field is available for SBC 1000/2000 only.

Password Display

For entering passwords, this field determines if a character entered in any password entry box displays as a typed character before displaying as a dot. Two options are available: True (a character typed in any password entry box is briefly displayed as a typed character before displaying as a dot) and False (a character typed in any password entry box is displayed as a dot). Default entry: False.
Explicit Acknowledgement of Pre-Login InfoDetermines whether the Acknowledge Pre-Login Message checkbox is displayed on the Pre-Login screen; this checkbox enables the user to acknowledge the Pre-Login message before entering the system.
  • True. Displays the Acknowledge Pre-Login Message check box at login. Click this checkbox to acknowledge reading the Pre-Login message and enter the WebUI.
  • False. Does not display the Acknowledge Pre-Login Message check box at login.
 

Default entry: False.