Helpful Reference Information
This appendix contains the following sections:
• Understanding User Accounts
• Recommendations for Creating Strong Passwords
Understanding User Accounts
Several security management and application management operations are potentially disruptive to the network or to the applications themselves, and must be protected. To prevent such operations from being used accidentally or maliciously, Common Services and Security Manager use a multilevel security system that allows access to certain features only to users who can authenticate themselves at the appropriate level. For this reason, there are three predefined kinds of login IDs.
See Installation and Setup Guide for CiscoWorks Common Services 3.0.5 (Includes CiscoView) on Windows on Cisco.com for detailed information about these user accounts:
• admin — The admin login is equivalent to a Windows administrator and provides access to all Common Services and Security Manager tasks. You must enter the password during installation.
• casuser — The casuser login is equivalent to a Windows administrator and provides access to all Common Services and Security Manager tasks.
• <System Identity> — The System Identity login is equivalent to a Windows administrator and provides access to all Common Services and Security Manager tasks.
Note
• You can choose whether to enter the System Identity username and password after installation. Communication among your servers relies on a trust model that uses certificates and shared secrets. The System Identity login is trustworthy to other servers when you use a multiserver setup and therefore facilitates communication between servers that are part of a domain. There can be one System Identity login account on a server.
• If you use Cisco Secure Access Control Server (ACS) for user authentication, you must use it to assign all CiscoWorks privileges to the System Identity user. If you do not use ACS for user authentication, the System Identity user must be a local user with system administrator privileges.
An administrator can create additional unique login IDs for users.
Understanding User Account Security Levels
You determine user security levels when you grant login access to Common Services, Security Manager, or other applications that you install. Each login account is associated with one or more roles. For detailed information about user roles and their associated permissions, see the "Default Associations Between Permissions and Roles in Security Manager" topic in the Security Manager online help or read the equivalent section on Cisco.com here: http://www.cisco.com/en/US/products/ps6498/products_user_guide_chapter09186a00806c2641.html#wp1302012.
Understanding User Permissions
The Security Manager server authenticates the username and password of every user who logs in. When you log in to Security Manager, the options displayed in the GUI depend on the roles assigned to your username. A user with system administrator privileges can access all features, while other users see only a subset of features.
Security Manager user authentication and authorization come from Common Services. See the Common Services online help for details.
Recommendations for Creating Strong Passwords
Never write passwords down, on paper or online. Instead, create passwords that you can remember easily but that no one can guess easily. One way to do this is to create a password that is based on a song title, affirmation, or other phrase. For example, the phrase could be "This May Be One Way To Remember" and the password could be "TmB1w2R!" or "Tmb1W>r~" or some other variation.
Note
Do not use either of those examples as passwords.
Characteristics of a Strong Password
Strong passwords have the following characteristics:
• Contain both upper and lower case characters (e.g., a-z, A-Z).
• Contain numerals and punctuation as well as letters (e.g., 0-9, !@#$%^&*()_+|~ =\`{}[]:";'<>?,./).
• Are at least five alphanumeric characters long.
• Are not a word in any language, and are not slang, dialect, or jargon.
• Are not based on personal information, such as the names of family members.
Characteristics of a Weak Password
A poor, weak password has the following characteristics:
• Contains fewer than eight characters.
• Is a word found in a dictionary (English or foreign).
• Is any other term that is easily guessed or found in common usage, such as:
  – The name of family, pet, friend, coworker, or fantasy character.
  – A computing term or name, such as a command, site, company, model, or application.
  – A birthday or another kind of personal information, such as an address or telephone number.
  – A predictable letter pattern or number pattern, such as aaabbb, qwerty, zyxwvuts, or 123321.
  – Any of the above, spelled backwards.
  – Any of the above, preceded or followed by a digit, such as secret1 or 1secret.
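The characteristics listed above can be checked mechanically when a password is set. The following is an added example, not Cisco code: `weak_reasons`, `is_predictable` and the `SAMPLE_WORDS` wordlist are hypothetical names and constructed data, and the pattern checks are heuristics that also flag any character outside the ASCII set.

```python
import re
import string

# Constructed sample wordlist (an assumption): in practice load a dictionary
# plus local terms such as company, product and host names.
SAMPLE_WORDS = {"secret", "password", "router", "admin"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_predictable(s):
    """Heuristics for patterns like aaabbb, qwerty, zyxwvuts and 123321."""
    if len(s) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return (
        steps in ({1}, {-1})                                   # abcd, zyxwvuts
        or s == s[::-1]                                        # 123321
        or any(s in r or s[::-1] in r for r in KEYBOARD_ROWS)  # qwerty
        or re.fullmatch(r"(?:(.)\1+)+", s) is not None         # aaabbb
    )


def weak_reasons(password, words=SAMPLE_WORDS):
    """Return the weak-password characteristics that apply (empty if none)."""
    reasons = []
    if len(password) < 8:
        reasons.append("fewer than eight characters")
    if not password.isascii():
        reasons.append("non-ASCII character")
    classes = {
        "no upper case letter": string.ascii_uppercase,
        "no lower case letter": string.ascii_lowercase,
        "no numeral": string.digits,
        "no punctuation": string.punctuation,
    }
    for reason, chars in classes.items():
        if not any(c in chars for c in password):
            reasons.append(reason)
    lowered = password.lower()
    core = lowered.strip(string.digits)       # secret1 and 1secret -> secret
    if core in words or core[::-1] in words:  # also catches reversed words
        reasons.append("dictionary word")
    if is_predictable(lowered) or is_predictable(core):
        reasons.append("predictable pattern")
    return reasons
```

An empty list means only that none of these checks fired; terms based on personal information still need a site-specific wordlist.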
Password Security Basics
Never reveal a password.
In addition, you must:
• Never talk about a password in front of others.
• Never hint at the format of a password (such as "my family name").
• Never share a password with family members.
• Never use characters from outside the standard ASCII character set. Some symbols, such as the pound sterling symbol (£), are known to cause login problems on some systems.