System reference
Node 1 configuration
2. Configuration
2.11. Remote access
The remote support feature configures Web Security Manager to allow requests from Alert Logic to port 22 on any of the system's IP addresses.
When enabled, Alert Logic Support can connect to the underlying OS in order to help diagnose and troubleshoot problems.
Only requests originating from an Alert Logic support IP address will be redirected.

Enable SSH access to management IPs
Check box
Enable or disable SSH access to management IPs. If checked, Web Security Manager will allow SSH connections to the same IP addresses as the GUI is bound to.

Enable remote support and monitoring from Alert Logic
Check box
Enable or disable remote support access. If checked, requests from Alert Logic to port 22 on any of the system's interfaces will be allowed.

To view detailed settings and verify that remote support is disabled, use the system remotesupport status command in the CLI (Section 2.22, “system remotesupport”).
If remote support is enabled, the system will display a warning on the console when booted.
2.12. Management GUI
Manage password requirements, session and login restrictions and SSL certificate.
2.12.1. Password requirements
Minimum length
Input field
Minimum password length in number of characters.
Valid input: Number in the interval 6 to 64
Default value: 8

Letter characters required
Check box
Require one or more letter characters, a-z + international.

One or more digits (0-9) required
Check box
Require one or more digits.

Combination of upper and lower case required
Check box
Require a combination of upper and lower case characters.

Non alphanumeric characters required
Check box
Require one or more special (non-alphanumeric) characters.
2.12.2. Login and session restrictions
Idle timeout
Input field
Number of seconds the management GUI can be idle before the user is logged out.
Valid input: Timeout in seconds, 20 to 86400
Input example: 900 (15 minutes)
Default value: 600

Failed login delay
Input field
Number of seconds to wait after a failed login attempt before a new attempt can be made.
Valid input: Timeout in seconds, 0 to 60
Default value: 3

Failed logins limit
Input field
Number of failed login attempts allowed before the failed login action is taken.
Valid input: Number of attempts, 1 to 100
Default value: 5

Failed logins action
Dropdown
What to do if a user exceeds the failed logins limit.
Options:
None: No action.
Lockout: The user account is locked for the configured duration. After the configured duration the user account is unlocked and the user can log in.
Suspend: The user account is suspended and cannot be used until the account status has been set to OK by an administrator.
User account status can be set in System : Users or in the console (Section 2.10, “set user”).
Valid input: None, Lockout, Suspend
Input example: Lockout
Default value: None

Notify user on lockout and suspend
Check box
If enabled, the user will receive an error message in the login page if the account has been locked or suspended.

Suspend inactive accounts
Check box
Enable suspending of accounts that have not been active for a specified duration.

Account inactivity threshold
Input field
Number of days a user account can be inactive before it is automatically suspended.
Valid input: Duration in days, 1 to 1000
Default value: 90
2.12.3. SSL certificate
Management GUI SSL certificates can either be self-signed or imported certificates.
In the SSL certificate section the current SSL certificate in use is displayed. To upload a new certificate click the Manage GUI certificates button.
2.12.3.1. Generate self-signed SSL certificate
To generate a self-signed certificate, enter the certificate information in the input fields. Click Save settings in the lower button pane.
Importing the PKCS12 format
If the certificate is in the PKCS12 format follow the guidelines below:
1. Enter the path to the certificate file in the PKCS12 file input field.
2. Enter Passphrase in the Passphrase input field.
3. Click Save settings in the lower button pane.
If Validate certificate chain is enabled, Web Security Manager will validate and order the chain certificates.
Importing the PEM format
If the certificate is in the PEM format follow the guidelines below:
1. The public key/certificate is the section of the certificate file between (and including) the certificate start and end tags. Example:
-----BEGIN CERTIFICATE-----
Certificate characters
-----END CERTIFICATE-----
2. In the Web Security Manager management interface, select Import SSL certificate. Paste the SSL public key/certificate into the SSL-certificate field.
3. Now copy the (SSL) private key section of the certificate. The (SSL) private key is the section of the certificate file between (and including) the private key start and end tags. Example:
-----BEGIN RSA PRIVATE KEY-----
Private key characters
-----END RSA PRIVATE KEY-----
4. Enter the passphrase for the private key in the passphrase field (if the original private key was encrypted).
5. If a certificate authority chain is provided with your certificate, enter the entire list of certificates (more than one certificate may be provided) in the SSL authority certificate(s) chain field.
If Validate certificate chain is enabled, Web Security Manager will validate and order the chain certificates.
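The PEM import steps above ask for three separate pastes (certificate, private key, authority chain) plus a passphrase when the key is encrypted. The following added example, which is not part of the product or its documentation, splits a combined PEM file into those parts. The function name split_pem_bundle and the sample bundle are hypothetical, and it assumes the first certificate in the file is the server certificate.

```python
import re

# Matches one PEM block; the label (e.g. "CERTIFICATE") is captured.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def split_pem_bundle(text):
    """Return the three values the import form asks for, plus a passphrase flag."""
    certs, key, encrypted = [], None, False
    for m in PEM_BLOCK.finditer(text):
        label, body, block = m.group(1), m.group(2), m.group(0)
        if label == "CERTIFICATE":
            certs.append(block)
        elif label.endswith("PRIVATE KEY"):
            if key is not None:
                raise ValueError("more than one private key in bundle")
            key = block
            # PKCS#8 encrypted keys use their own label; traditional
            # (e.g. RSA) keys carry a Proc-Type header instead.
            encrypted = (label == "ENCRYPTED PRIVATE KEY"
                         or "Proc-Type: 4,ENCRYPTED" in body)
    if not certs or key is None:
        raise ValueError("bundle needs a certificate and a private key")
    # Assumption: the first certificate is the server certificate and
    # any that follow are the authority chain.
    return {"certificate": certs[0], "private_key": key,
            "chain": "\n".join(certs[1:]), "needs_passphrase": encrypted}

# Constructed sample bundle: the base64 bodies are placeholders, not real keys.
SAMPLE = """-----BEGIN CERTIFICATE-----
U0VSVkVSLUNFUlQ=
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF

UFJJVkFURS1LRVk=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
SU5URVJNRURJQVRFLUNB
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    parts = split_pem_bundle(SAMPLE)
    for field in ("certificate", "private_key", "chain"):
        print(f"--- {field} ---\n{parts[field]}")
    print("passphrase required:", parts["needs_passphrase"])
```

Run it on a workstation you trust, since the input contains the private key, and paste each part into the matching field.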