Security profiles, Pre-defined security profiles – Cyclades User's Guide User Manual

Web Manager for Administrators

221

Configuration

T

To Configure Group Authorization on a TACACS+ Server

1. On the server, add “raccess” service to the user configuration and define

which group or groups the user belongs to.

2. If "raccess" service is already defined, add the group information to it.

3. “Enable Raccess Authorization” on KVM/net through the Web Manager at

Configuration>Security>Authentication>Tacacs+ form.

Security Profiles

A Security Profile consists of a set of parameters that can be configured in
order to have more control over the services that are active at any time. There
are three pre-defined security profiles with pre-set parameters. In addition, a
Custom profile is provided where an administrator can configure individual
protocols and services.

Pre-defined Security Profiles

There are three pre-defined security profiles:

1. Secure - The Secure profile disables all protocols except SSHv2 and

HTTPS. SSH root access is not allowed. Direct access to KVM
connections are not available.

2. Moderate (Default) - The Moderate profile is the recommended security

level. This profile enables SSHv1, SSHv2, HTTP, HTTPS, and Telnet. In
addition, ICMP and HTTP redirection to HTTPS are enabled. Direct
access to KVM connections are not available.

3. Open - The Open profile enables all services such as Telnet, SSHv1,

SSHv2, HTTP, HTTPS, SNMP, RPC, ICMP, and Telnet. Direct access to
KVM connections are available.

user = usergroup1 {

service = raccess {

group_name = <Group1>[,<Group2>,...,<GroupN>];

}

}