Accounts
The Administration > Account Management > User Accounts page allows those with Administrator accounts to add, audit, edit, copy, enable, disable, delete and unlock user accounts and specify global settings affecting password requirements and login actions.
Additionally, NetProfiler can authenticate and authorize logins remotely using RADIUS, TACACS+ or SAML 2.0.
Account role permissions
To protect the security of NetProfiler, Administrators should provide users with accounts authorizing only the permissions appropriate to their role responsibilities. NetProfiler provides the following user account roles:
- Administrator – Administrators set up the NetProfiler on the network, set up user accounts, monitor NetProfiler status and usage, and perform backup operations. A user with an Administrator account can access all NetProfiler functionality. Only those with Administrator accounts can specify mitigation actions, view the user activities log, grant users the ability to run user reports, specify global account settings, manage user accounts, and set passwords other than their own.
- Operator – Operators are responsible for the operational configuration of the NetProfiler. This includes managing groups, alerting thresholds, event detection tuning, traffic reporting and event reporting. Operators can also modify NetProfiler network settings and run vulnerability scans. However, they cannot specify mitigation actions, view the audit trail page, specify global account settings, or modify user accounts or other people’s passwords.
- Monitor – Monitors check the Dashboard page for new events or unexpected activity. They can run traffic reports and view all Reports pages. They can create new dashboards and make them public. They can also view the appliance status page. The only settings pages that Monitors can change are Administration > User Preferences and Change Password. Typically, a user with a Monitor account is in a network operations center.
- Dashboard Viewer – Dashboard viewers can log in and view the displays on the Dashboard page. They cannot navigate away from the Dashboard page except to go to the Administration > User Preferences and Change Password pages. Additionally, right-click menus and reporting links are not active for Dashboard Viewer accounts.
- Event Viewer – Event Viewers can use their log name and password to view an Event Detail report whose URL they have obtained from a network management system. They cannot take any actions on the event or navigate away from the Event Detail report.
- Restricted – A Restricted user account allows a user to view reports and data for only specified hosts, host groups, subnets, interfaces and devices. You can specify these when you add or edit the account. Restricted user accounts cannot access the following types of information:
  - User identity
  - Policies
  - Events and Event Details
  - Security
  - Service-oriented or Service-Location-oriented
  - Audit

  Additionally, they cannot view the Network Navigator page. They can view dashboard widgets and run traffic reports that do not include these types of information. They can view network traffic and WAN optimization information. The only settings pages that a Restricted account user can change are User Preferences and Change Password.
Managing user accounts
User accounts are managed both globally and by user. Global account settings control password requirements and login actions that apply to all users (except where they can be exempted on individual accounts).
To add, modify or delete a user account, change the password of another user, or modify global account settings, you must be logged in as admin or another account with Administrator permission.
Security considerations
To protect NetProfiler security, Administrators should consider the following when configuring global account settings and creating accounts:
- Create an account having only the permission level appropriate to the user’s responsibilities.
- Follow your organization's guidelines for password composition and aging.
- Use the lowest inactivity timeout value practical for the user role.
- Require the user to change the password upon the first login.
- Do not enable database access unless the user requires external access to the NetProfiler traffic information database.
- Do not enable User Reporting unless the user needs to identify other users by user name.