Configuring the System Security Policy

The system security policy contains the password policy, login policy, and session timeout duration. Configuring the system security policy can improve the system security.

Procedure

  1. Choose System > System Administrators > Security Policy .
  2. Click .



  3. Set the security policy parameters on the Modify Security Policy page, as described in Table 1.

    Table 1 Security policy parameters

    Parameter

    Description

    Value

    Minimum length

    Minimum length of the password, avoiding too short passwords.

    Default value: 8 characters.

    You are not advised to set Minimum length to 1 characters. Otherwise, the password is easy to crack.

    Complexity

    Complexity of the password, avoiding too simple passwords.

    Default value: must contain letters, digits, and special characters at the same time.

    Do not set Complexity to No limit. Otherwise, the password is easy to crack.

    Set a validity period for the password

    Indicates the validity period of the administrator password. Password validity period setting forces the administrator to change the password before the period ends.

    This function is disabled by default.

    You are advised to enable this function. Otherwise, the password is easy to crack.

    Useful-life (days)

    Indicates the validity period of the administrator password, in days.

    Default value: 90.

    You are advised to change the password periodically. Otherwise, the password is easy to crack.

    Timeout (minutes)

    If the online user performs no operation within this timeout duration, the system will display the message of timeout upon the next operation. In this case, click OK to return to the login page.

    Default value: 100.

    Allow Intercurrent Login

    Multiple administrators are allowed to log in at the same time.

    Default value: Disabled.

    Incorrect password lock

    After the incorrect password lock is enabled, the administrator will be locked when its password is entered incorrectly more than Allowed attempts times within 10 minutes.

    Default value: Enabled.

    Allowed attempts

    Times allowed for consecutively entering incorrect passwords. When the number of error times reaches the specified value, the ATIC Management center automatically locks the account.

    NOTE:

    After the administrator is locked, it can be manually unlocked by the default administrator admin or another administrator who has the unlock permission, or automatically unlocked after the lock time is up.

    After the incorrect password lock is enabled, you can set this parameter.

    Default value: 5.

    Lock mode

    Indicates the handling mode of the system if the number of failed login attempts reaches the upper limit. The available modes are Lock permanently and Lock (minutes).

    The default value is the lockout duration.

    Lock permanently

    If this item is specified, the system permanently locks out the account if the number of failed login attempts reaches the upper limit. In such a case, the account can be unlocked only by another administrator.

    -

    Lock (minutes)

    Period of the administrator being locked. When the lock time is up, the administrator is automatically unlocked.

    • This parameter is only valid for the automatic lock. If the administrator is locked manually, it can only be unlocked manually.

    • After the incorrect password lock is enabled, you can set this parameter.

    Default value: 3.

    For example, because the administrator test enters incorrect passwords for more than Allowed attempts times, the administrator is locked automatically. If Lock (minutes) is set 3, the administrator will be unlocked automatically three minutes later.

  4. Click OK.
Parent topic: Configuring the System Administrators
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.