System Security Management

Purpose

Use this form to set the password strength used to log into the System Administration Tool and the duration of the session inactivity timer which automatically logs out the user after a period of inactivity. You can also configure a Login Banner in this form to warn users against unauthorized system access or use.

Conditions

Field Descriptions

Parameter / Description / Default Value

Login Banner

Default Value: False (No banner)

Banner Text

Example:

THIS IS A PRIVATE COMPUTER SYSTEM: It is for authorized use only. Users (authorized and unauthorized) have no explicit or implicit expectation of privacy.

Any or all uses of this system and all files on this system may be intercepted, monitored, recorded, copied, audited, inspected, and disclosed to authorized site and law enforcement personnel, as well as authorized officials of other agencies, both domestic and foreign. By using this system, the user consents to such interception, monitoring, recording, copying, auditing, inspection, and disclosure at the discretion of authorized site personnel.

Unauthorized or improper use of this system may result in administrative disciplinary action and civil and criminal penalties. By continuing to use this system you indicate your awareness of and consent to these terms and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions stated in this warning.

Default Value: Blank

Password Strength

Determines the rules users must follow when creating a password.

Options are as follows:

Weak

  • 6 to 20 alphanumeric characters in length

  • does not contain the user's login ID (username), current password, or the default System password

  • valid characters are: upper- and lower-case letters, numbers (0-9), and special characters (` ~ ! @ # $ % ^ & * ( ) - _ = +)

Medium

  • 7 to 20 alphanumeric characters in length

  • does not contain user's current password or the default System password

  • does not contain, repeat, or reverse the associated user ID

  • does not contain three of the same characters used consecutively

  • valid characters are: upper- and lower-case letters, numbers (0-9), and special characters (` ~ ! @ # $ % ^ & * ( ) - _ = +)

Strong

  • 15 to 20 characters using at least two characters from each of the four character sets, that is: upper-case letters (A-Z), lower-case letters (a-z), numbers (0-9), and special characters (` ~ ! @ # $ % ^ & * ( ) - _ = +)

  • does not contain user's current password or the default System password

  • does not contain, repeat, or reverse the associated user ID

  • does not contain three of the same characters used consecutively

  • differs from the previous password by at least four characters

Default Value: Weak
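The three rule sets above written as a checker that reports which rules a candidate password breaks at a given level. This is an added example, not Mitel code: the function names, the case-insensitive comparisons, treating the current password as the previous one, and reading "differs by at least four characters" as differing positions plus length difference are all assumptions.

```python
import re

# Special characters the form lists as valid.
SPECIALS = "`~!@#$%^&*()-_=+"
SPECIAL_CLASS = "[" + re.escape(SPECIALS) + "]"
VALID = re.compile(r"(?:[A-Za-z0-9]|" + SPECIAL_CLASS + r")+")
LENGTHS = {"weak": (6, 20), "medium": (7, 20), "strong": (15, 20)}


def changed_chars(new, old):
    """Assumed metric: positions that differ, plus the difference in length."""
    return sum(a != b for a, b in zip(new, old)) + abs(len(new) - len(old))


def violations(level, password, user_id, current, system_default):
    """Return the list of rules `password` breaks at the given strength level."""
    low, high = LENGTHS[level]
    found = []
    if not low <= len(password) <= high:
        found.append(f"length must be {low} to {high}")
    if not VALID.fullmatch(password):
        found.append("contains a character outside the valid set")
    pw, uid = password.lower(), user_id.lower()  # assumption: case-insensitive
    if any(s and s.lower() in pw for s in (current, system_default)):
        found.append("contains the current or default System password")
    if uid and uid in pw:
        found.append("contains the user ID")
    if level == "weak":
        return found
    # Medium and Strong add the reversed-ID and repeated-character rules.
    if uid and uid[::-1] in pw:
        found.append("contains the reversed user ID")
    if re.search(r"(.)\1\1", password):
        found.append("three identical characters in a row")
    if level == "strong":
        classes = ("[A-Z]", "[a-z]", "[0-9]", SPECIAL_CLASS)
        if any(len(re.findall(c, password)) < 2 for c in classes):
            found.append("needs two characters from each of the four sets")
        if changed_chars(password, current) < 4:
            found.append("differs from the previous password by fewer than four characters")
    return found
```

An empty list means the candidate satisfies every rule at that level; the same password can pass Weak and fail Medium, for example when it contains the user ID spelled backwards.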

User Session Inactivity Period

The number of minutes of inactivity that must elapse in the current System Administration Tool session before the session is automatically terminated.

NOTE: This timer, if set to expire too soon, could interfere with the successful completion of certain system processes such as form data imports or exports. If such a process aborts because of a forced session termination, increase the timer duration and re-attempt.

Other events that may result in session termination before this timer expires:

  • A Multi-node Management backup, System Data Synchronization (SDS) sync, or any network-wide actions performed from any node in an SDS network.

  • The system time is changed to a time beyond when the timer is set to expire.

  • The current System Administration Tool session is logged out from the tool selection page (the parent page), and there is another login from the same parent browser window, resulting in the termination of the first session.

If a session was terminated because of an actual timeout (as opposed to a forced termination), an msplogs log similar to the following is generated:

50 LOW 2011/09/01 15:33:56 Login/Logout Security Audit Audit Action Type: logout
UserName: system

User Validated: true
Session Available: true
Session ID: 163
Comments: Terminated by timeout.

Default Value: 15 minutes
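For audit review, the timeout record shown above can be separated from other logout records by its Comments field. This is an added example, not Mitel code: the first sample record is the one from this page, the second is constructed for contrast, and the function names and the assumption that every record starts on a numbered, timestamped line are not from the product documentation.

```python
import re
from datetime import datetime

# Constructed sample: record 1 is the log shown above; record 2 is made up
# (a logout without the timeout comment) to show what gets filtered out.
SAMPLE = """\
50 LOW 2011/09/01 15:33:56 Login/Logout Security Audit Audit Action Type: logout
UserName: system

User Validated: true
Session Available: true
Session ID: 163
Comments: Terminated by timeout.
50 LOW 2011/09/01 16:02:10 Login/Logout Security Audit Audit Action Type: logout
UserName: admin2
User Validated: true
Session Available: true
Session ID: 164
Comments: (constructed) user logged out.
"""

# A record is assumed to begin with "<number> <word> <date> <time> ...".
HEADER = re.compile(r"^\d+ \w+ (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) ")
FIELD = re.compile(r"(Audit Action Type|UserName|User Validated|"
                   r"Session Available|Session ID|Comments): *(.*)$")


def parse_records(text):
    """Group lines into records and collect their 'Key: value' fields."""
    records = []
    for line in text.splitlines():
        head = HEADER.match(line)
        if head:
            stamp = datetime.strptime(head.group(1), "%Y/%m/%d %H:%M:%S")
            records.append({"time": stamp})
        field = FIELD.search(line)  # the header line also carries a field
        if field and records:
            records[-1][field.group(1)] = field.group(2).strip()
    return records


def timeout_logouts(text):
    """Return (time, user, session id) for sessions ended by the inactivity timer."""
    return [(r["time"], r.get("UserName"), r.get("Session ID"))
            for r in parse_records(text)
            if r.get("Audit Action Type") == "logout"
            and r.get("Comments", "").startswith("Terminated by timeout")]
```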

Password Expiry Interval

Specify the number of days in the range 0 to 365 before the password expires and is no longer valid. If a user attempts to log in after the password has expired, the system prompts for a new password before the user is allowed in.

NOTE: All password changes are time-stamped even if the password never expires. This means that an administrator who changed his or her non-expiring password 30 days ago (for example) and then sets it to expire in 15 days will be prompted for a password change on the next login attempt, which could be 5 minutes later.

Default Value: 0 (never expire)

Phone Administrator Passcode

Enter a passcode to secure access to the advanced settings on 69xx phones.

The field accepts digits 0 to 9 only. The minimum passcode length is four, the maximum is 10.

See the 69xx Administrator's Guide on the Mitel Document Center website for more information about the advanced settings.

Default Value: Blank

Application SSL Security Level

Specify an SSL security level for the application.

  • High - TLS 1.2 enabled. TLS 1.0 and 1.1 disabled.
  • Low - TLS 1.0+; RC4 and IDEA not available (as available in MiVoice Business Release 7.x, 8.x, and 9.0).
  • Legacy - TLS 1.0+; RC4 and IDEA available (as available in MCD Release 6). Required for interfacing with systems running MiVoice Business 6.0 SP2 or higher.

NOTE: If you modify the security level of an application (except SIP), you must manually reboot this node (element) and all the other nodes with which SDS for this form is enabled.

Default Value, per application:

  • SIP: High
  • IP Sets: High
  • IP Trunks: High
  • Trusted Applications: High
  • System Data Synchronization: High
  • MiTAI: High
  • Data Services: High