VCR 2220
host: vcr.northwestern.edu

Understanding security warnings

The Security status page displays a list of active security warnings for the IP VCR. To access this information, go to Status > Security. Security warnings identify potential weaknesses in the security of the IP VCR's configuration. For more information on configuring security settings, refer to Configuring security settings. For more detailed information on the security status, refer to Displaying security status.

The table below details the warnings that appear, and the relevant actions needed to rectify them.

Warning Action Explanation
Advanced password security is disabled

Enable advanced account security mode in security settings

If advanced account security mode is not enabled, passwords are stored in plain text in the configuration file and are therefore not secure.

To enable advanced account security mode, go to Settings > Security and enable Advanced account security mode.

Hide log messages on console is disabled

Enable hide log messages on console in serial console settings

To hide log messages on the console, go to Settings > Security and select Hide log messages on console. This will stop event messages appearing on the console.

Require administrator login to console is disabled

Enable require administrator login in serial console settings

When this setting is enabled, you must log in using an admin account to access serial console commands, which makes the serial console more secure.

To do this, go to Settings > Security and select Require administrator login.

Guest account is enabled

Disable the guest account.

By default the guest user account is assigned the privilege of 'conference list only', meaning that users who log in as guest can view the list of active conferences and change their own profile. Disabling the guest account makes the IP VCR more secure.

To disable the guest account, go to Users > User list and select Guest. Select Disable user account.

Admin account has default username

Change the admin account username

The IP VCR must have at least one configured user with administrator privileges. By default, the User ID is "admin" and no password is required.

To change the admin account username, go to Users > User list and select admin. Enter a new username in the User ID field and click Update user settings.

Unsecured FTP service is enabled

Disable FTP in network TCP services

Information sent using FTP is unencrypted and sent in plain text; therefore, it is possible for people to discover usernames and passwords easily.

To disable FTP, go to Network > Services and ensure FTP is not selected.

Unsecured HTTP service is enabled

Disable HTTP in network TCP services

Information sent using HTTP (Web) is unsecured and not encrypted.

To disable HTTP, go to Network > Services and ensure Web is not selected. We recommend that you select Secure web.

Unsecured SNMP service is enabled

Disable SNMP in network UDP services

Information sent using SNMP is unencrypted and sent in plain text; therefore, it is possible for people to discover usernames and passwords easily.

To disable SNMP, go to Network > Services and ensure SNMP is not selected.

Auto-refresh of web pages is enabled

Change auto-refresh interval to "No auto-refresh"

If your IP VCR is set to auto-refresh, a session on an otherwise idle IP VCR might never time out.

To turn off auto-refresh, go to Settings > User interface and change Status page auto-refresh interval to No auto-refresh.

Audit logging of configuration changes is disabled

Enable the audit log

If the audit log is disabled, the IP VCR will not create an audit log. To enable audit logs, go to Logs > Audit log and select Enable auditing. (See Working with the audit log.)

For more information on the audit log, refer to Configuring security settings.

Audit logs hash check failed, audit system integrity compromised

Check system configuration for possible security changes

If the audit log hash check fails, it is possible that your IP VCR has been compromised. For example, someone may have taken the compact flash card out and deleted some audit logs.

For more information on the audit log, refer to Configuring security settings.

Call encryption is disabled

Enable call encryption

When encryption status is Disabled, no calls on the IP VCR can use encryption.

To enable encryption, go to Settings > Encryption. For Encryption status, select Enabled.

Audit log above 75% capacity

Download and delete audit logs

The audit log has a maximum capacity of 100,000 audit events, or the size limit of the compact flash card. When you are nearing either of these limits, the IP VCR will give you this warning. If you reach full capacity of the compact flash card, the IP VCR will 'wrap', meaning that older logs are deleted. To rectify this problem, download and clear the audit log.

To do this, go to Logs > Audit log and select Download as XML. Once this has completed, click Delete all records.

Audit log above 90% capacity

Download and delete audit logs.

The audit log has a maximum capacity of 100,000 audit events, or the size limit of the compact flash card. When you are nearing either of these limits, the IP VCR will give you this warning. If you reach full capacity of the compact flash card, the IP VCR will 'wrap', meaning that older logs are deleted. To rectify this problem, download and clear the audit log.

To do this, go to Logs > Audit log and select Download as XML. Once this has completed, click Delete all records.

Shell not secured for startup

Disable the serial input during startup.

If Disable serial input during startup isn't selected, the serial console is not protected during application startup. This means users will have access to debug services in the operating system.

To disable this, go to Settings > Security, and select Disable serial input during startup.
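The "Audit logs hash check failed" warning in the table above relies on the log being tamper-evident. The sketch below is an added example, not code from the IP VCR or its vendor: the page does not document the device's hashing scheme, so a generic SHA-256 hash chain is assumed, and the record format, the seed and all function names are hypothetical. It shows why deleting records from the middle of a log breaks such a check, and why deleting the newest records is only detectable when the latest hash is also kept somewhere off the card.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # assumed fixed seed that the first record is chained to

# Constructed sample audit events (not real IP VCR log output).
SAMPLE = [
    "2024-01-01T10:00:00 admin login from console",
    "2024-01-01T10:02:11 admin disabled FTP service",
    "2024-01-01T10:05:42 admin enabled guest account",
    "2024-01-01T10:09:03 admin logout",
]


def link(prev_hex, record):
    """Hash one record together with the hash of the record before it."""
    return hashlib.sha256((prev_hex + "|" + record).encode("utf-8")).hexdigest()


def seal(records):
    """Return [(record, chained_hash), ...] in log order."""
    prev, sealed = GENESIS, []
    for record in records:
        prev = link(prev, record)
        sealed.append((record, prev))
    return sealed


def verify(sealed, trusted_tip=None):
    """Recompute the chain; optionally compare its end to a hash kept off-card."""
    prev = GENESIS
    for index, (record, stored) in enumerate(sealed):
        prev = link(prev, record)
        if not hmac.compare_digest(prev, stored):
            return f"broken at record {index}"
    if trusted_tip is not None and not hmac.compare_digest(prev, trusted_tip):
        return "truncated"
    return "ok"


def demo():
    sealed = seal(SAMPLE)
    tip = sealed[-1][1]  # in practice, stored away from the log itself
    return {
        "intact": verify(sealed, tip),
        "middle_deleted": verify(sealed[:2] + sealed[3:], tip),
        "tail_deleted_no_tip": verify(sealed[:3]),
        "tail_deleted_with_tip": verify(sealed[:3], tip),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

An unkeyed chain like this one can be recomputed by anyone who can rewrite the whole log, so the trusted tip (or a downloaded copy of the log) has to live somewhere the card holder cannot reach.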
