Configuration: system > logging – VBrick Systems VB5000 User Manual
Page 56
48
© 2009 VBrick Systems, Inc.
Improving Security
You can improve security by (1) blocking unauthorized attempts to login and access a device
and (2) by reducing exposure to malicious software attacks. The most common vulnerability
is related to user accounts and passwords. After a successful installation, you should
immediately change the default passwords. Many attacks come from within an organization
and this helps to minimize the risk. The IWS login is generally secure since it utilizes
encryption techniques to hide usernames and passwords from network spyware.
Malicious software covertly attaches itself to unsuspecting devices. These programs are
generally designed to compromise personal information or to create system havoc. Since the
VBrick appliance uses an industrial-grade operating system, it is less susceptible to malicious
software and unlikely to be a target of programs designed to attack PC-based systems like
Microsoft, Linux, and others. However, you can still take additional steps to minimize risk.
VBrick tries to make installation as simple and quick installation and many features are
automatically enabled by default even though you may not need them. You can selectively
disable unneeded features to reduce vulnerability. Another common problem is Denial of
Service (DoS) attacks. A DoS sends floods of packets to an unsuspecting remote system in an
attempt to disrupt or stop normal operation. These unsuspecting remote systems are typically
discovered using ICMP or ping. It is standard industry practice to block all ICMP and ping
requests from off-net foreign hosts. This is typically done in a centralized location using
router/firewall technology which is more successful and cost effective than resolving the
issue at each host.
Configuration: System > Logging
Certain log events are captured and can be viewed locally. This local log is saved in volatile
memory and hold the most recent 20 entries. See Status: System Log on page 73 for examples
of log information. To save log information indefinitely, it is recommended that remote
logging be utilized. Remote servers generally offer ample storage and offer the additional
External SNMP
Default = Enabled. Disabled will prevent you from using an
external MIB browser to view or write parameters.
External SNMPv1
and SNMPv2 Access
Default = Enabled. You can use both SNMP v1/v2, and v3. For
tightest security, set parameter to Disabled and use SNMPv3 only.
Remote Support
Enable
Default = Disabled. Check to enable remote support by VBrick
Support Services. Note: Any change to this parameter will reboot the
appliance.
Remote Support Poll
Enable
Default = Enabled. The default enables continuous polling through
the firewall. If desired, you can enable polling only when you need
to establish a remote connection. This will not reboot the appliance.
Remote Support
Server
Default =
remote.vbrick.com
. Use the default if a DNS server is
defined on the Configuration: Network > Ethernet page. If a DNS
server is not defined, you must enter an IP Address in this field.
Contact Support Services for details.
IWS Server Port
Specifies the listener port for management and HTTP connections.
Default = 80. Typically port 80 is the default value used by PC web
browsers. To access a different HTTP port, the remote IWS client
user would specify the URL as follows:
http://IPaddress:port
where
IPaddress
= VBrick IP address or hostname, and port.