Security compliance

The Administration > Appliance Security > Security Compliance page controls security features that are used to comply with various contractual and regulatory requirements. It has four sections:

  • Operational modes – control the security posture of the appliance by automatically enabling sets of security features and disabling certain types of access to the appliance.

  • Cryptography – controls the minimum TLS version used by the appliance.

  • Accounts – controls shell access and system account passwords.

  • Access – controls remote access to the appliance.

Changes made to the settings in these sections are not applied to the appliance configuration until you click Configure Now at the bottom of the page.

Operational modes

The security posture of the appliance is determined by its operational mode. There are four operational modes that control the security features:

These operational modes are independent of the shell access selection.

Cryptography

The Cryptography section lets you specify a minimum TLS version for connections to the NetProfiler. Supported TLS versions are 1.1, 1.2, and 1.3. By default, the minimum TLS version is set to TLS 1.2 on new appliances.

Note: Be careful when setting the Minimum TLS setting to Version 1.3, because the appliance will then allow only connections that use TLS version 1.3. NetProfiler can integrate with several products and services that do not yet support TLS version 1.3; to work, these integrations require that the minimum TLS version is 1.1 or 1.2.
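A pre-change check for the note above, added here as an example and not part of the product documentation: it probes which of the listed TLS versions a listener accepts, then reports which peers would lose connectivity at a proposed minimum and whether a host still accepts versions below it. The peer names are hypothetical, and the check assumes each integration exposes a TLS listener that can be probed.

```python
import socket
import ssl

# Minimum TLS versions the page lists as selectable, lowest first.
VERSIONS = {"1.1": ssl.TLSVersion.TLSv1_1,
            "1.2": ssl.TLSVersion.TLSv1_2,
            "1.3": ssl.TLSVersion.TLSv1_3}

def accepts(host, port, version, timeout=5.0):
    """True if host:port completes a handshake pinned to exactly one TLS version."""
    pinned = VERSIONS[version]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # the probe tests protocol support only,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate chain
    try:
        ctx.minimum_version = pinned
        ctx.maximum_version = pinned
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() == "TLSv" + version
    except (ssl.SSLError, OSError, ValueError):
        # Refused, unreachable, or the local OpenSSL policy forbids this version
        # (common for TLS 1.1), so a False for 1.1 is not proof of refusal.
        return False

def probe(host, port):
    """Set of listed versions that host:port accepts."""
    return {v for v in VERSIONS if accepts(host, port, v)}

def allowed_at(minimum):
    """Versions still permitted once `minimum` is configured."""
    order = list(VERSIONS)
    return set(order[order.index(minimum):])

def broken_by(minimum, inventory):
    """Peers in {name: accepted versions} sharing no version with the new minimum."""
    ok = allowed_at(minimum)
    return sorted(name for name, seen in inventory.items() if not set(seen) & ok)

def not_enforced(minimum, seen):
    """Versions below `minimum` that a host still accepted (should be empty)."""
    return sorted(set(seen) - allowed_at(minimum))

if __name__ == "__main__":
    # Constructed inventory with hypothetical peer names; in practice build it
    # with probe(host, port) for each integration that exposes a TLS listener.
    inventory = {"collector-a": {"1.2", "1.3"}, "legacy-b": {"1.1", "1.2"}}
    for minimum in VERSIONS:
        print(minimum, "breaks:", broken_by(minimum, inventory))
```

After clicking Configure Now, passing the result of `probe()` for the appliance to `not_enforced()` confirms that versions below the configured minimum are refused.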

Accounts

The Accounts section enables you to specify a shell access mode and to change the passwords of system accounts. The User Accounts list displays only system accounts. It does not include user accounts for the web user interface.

When the Shell Access mode is set to Shell Enabled, you can enable or disable logins individually for each system account. When you switch to a different Shell Access mode, access is restricted.

There are three Shell Access modes:

Note: Switching to the Shell Disabled mode is a reversible process as of release 10.20. In prior releases this was irreversible, and the only way to regain access to the shell after it had been disabled was to reload the software and start over from a fresh installation.

Access

The Access section of the page controls:
