Security considerations, Security considerations overview – HP UPS Management Modules User Manual

Security considerations 115

Security considerations

Security considerations overview

The management module implements strict security for two important reasons:

•

The module manages devices that have the potential to perform operations that are sensitive and
destructive.

•

The management module has browser accessibility.

To better ensure the security of the management module and the devices it manages, consider the
following topics in accordance with your organization's security policies and the environment in which the
module will operate.

•

Remote access to the management module requires a user account. Logging in requires the use of a
user name and password, which should be kept properly secured.

•

Each account can be given different access levels, providing different capabilities. Ensure that the
appropriate access level is granted to users.

•

Browsing to the management module can be done using SSL, which encrypts the data between the
browser and management module. The module is supported by a 128-bit encryption level. SSL also
provides authentication of the management module by means of its digital certificate. Securely
importing this certificate must be done to ensure the identification of the management module.

•

Use a custom SSL certificate that is certified by a third-party SSL authority.

•

Use non-standard ports for the management module web interface.

•

Disable telnet if remote configuration is not used.

•

Disable the web interface if the web interface is not preferred.