LumiCenter/How to Configure Security Policies
From Luminys WIKI
How to Configure Security Policies
Description
This tutorial covers various security policies within LumiCenter.
Prerequisites
- Logged in via LumiCenter client.
Video Instructions
Coming soon
Step by Step Instructions
1. The security policy feature enables the configuration of restrictions for login access, password validity, and trusted IP addresses. These measures strengthen the security and integrity of the VMS.
2. Password policy
- Minimum passwords in history – Set a minimum password length to ensure stronger security and prevent weak passwords.
- Number of passwords in history – Set the number of historical passwords for each user. Use "0" to disable password history. Stored passwords cannot be reused for new ones.
- Password validity period - Set the password validity period in days. Use "0" to make passwords never expire. After expiration, a new password will be required.
- Username: should contain at least six characters and at least two digits; should not include common role names, such as: user, admin, administrator, administrator1, root, super, superuser, supervisor.
- Password: The password must consist of at least eight characters and fulfill at least three of the following criteria for passwords with fewer than 10 characters, or at least two criteria for passwords with 10 or more characters: at least one uppercase letter; at least two lowercase letters; at least three digits; at least four special characters from the following set: .,:;!?|/()[]{}+-=<>"@'#$*%^&_~
- Prevent multiple logins of the same user account – The number of sessions per user is limited to one, applying to both web and mobile apps.
3. Security policy (continued)
User account locking policy
- Maximum failed logon attempts - Setting the number of failed login attempts to 0 will prevent the user account from being locked.
- Account lockout duration - Setting the duration of user account lockout to 0 will result in the account being locked until manually unlocked by an admin.
- Do the following actions when system integrity compromised:
- Determine which action to take when system integrity compromised
- Show warning to all users
- Show warning to administrators only
- Block all users without administrator rights Stop non-vital services
Filter of allowed IP addresses
- Allowed/Trusted - Enter the IP address and subnet mask to define the range of IP addresses allowed to connect to LumiCenter. If the IP is listed in Trusted, hosts within that range can execute HTTP API queries without authentication. This feature is still under development (as of September 2024).