Sec/User Mgmt: Settings Tab

Document created by RSA Information Design and Development on Apr 25, 2016Last modified by RSA Information Design and Development on Sep 1, 2016
Version 3Show Document
  • View in full screen mode
 

This topic explains the Administration Security view > Settings tab. In the Settings tab, you configure password complexity for internal Security Analytics users and system-wide security parameters.

For information on configuring these parameters, see Set Up System Security.

Password complexity requirements apply only to internal users and are not enforced for external users. External users rely on their own methods and systems to enforce password complexity.  

To access the Settings tab:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.

The following figure shows the Password Strength and Security Settings sections of the Settings tab.

SecSettTbTOP.png

The following figure shows the External Authentication and Active Directory Configurations sections of the Settings tab.

SysSecSettTb2.png

The following figure shows the PKI Authentication section of the Settings tab.

10.5.0.2_SysSecSettTb3.png

The following figure shows the CRL Refresh Interval Settings, User Principal Settings, and Enable PKI sections of the Settings tab.

10.5.0.2_SysSecSettTb4.png

Password Strength

The Password Strength section enables you to configure password complexity requirements for internal Security Analytics users when they set their passwords.

                                         
FeatureDescription
Minimum Password Length Specifies a minimum password length requirement for Security Analytics user passwords. A minimum password length prevents users from using short passwords that are easy to guess.
Uppercase Characters Specifies a minimum number of uppercase characters for the password. This includes European language characters A through Z, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic uppercase: Д Ц
  • Greek uppercase: Π Λ
Lowercase Characters Specifies a minimum number of lowercase characters for the password. This includes European language characters a through z, sharp-s, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic lowercase: д ц
  • Greek lowercase: π λ
Base 10 Digits Specifies a minimum number of decimal characters (0 through 9) for the password.
Special Characters (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/) Specifies a minimum number of special characters for the password:
~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/
Non-Latin Alphabetic Characters Specifies a minimum number of Unicode alphabetic characters that are not uppercase or lowercase. This includes Unicode characters from Asian languages. For example:
  • Kanji (Japanese): 頁 (leaf) 枒 (tree)
Password May Not Contain Username Specifies that a password cannot contain the case-insensitive username of the user.
Apply Provides the option to force all internal users to change their passwords the next time they log on to Security Analytics. 
The confirmation dialog shows the following question:
Do you want to force all internal users to change their passwords on the next login?
  • Selecting Yes forces all internal users to change their passwords the next time they log on to Security Analytics and overrides any individual user account settings.
  • Selecting No forces only those internal users with the Force password change at next login option enabled in their individual user account settings to change their password the next time they log on to Security Analytics.
Password strength settings take effect when Security Analytics users create or change their passwords.

Security Settings

The Security Settings section enables you to configure global security settings for Security Analytics users.

                                         
FeatureDescription
Lockout Period Number of minutes to lock a user out of Security Analytics after the configured number of failed logins is exceeded. The default value is 20 minutes.
Idle Period Number of minutes of inactivity before a session times out. The default value is 60. If the value is 0, the session will not timeout.
Session Timeout The maximum duration of a user session before timing out  The default value is 600. If the value is 0, there is no maximum time for a session. If the value is a positive integer, the session times out when the configured time has elapsed. The user must log in again.
Case Insensitive User Name Specifies that the RSA Security Analytics Username field on the login screen is case insensitive. For example, you could use Admin or admin to log on to Security Analytics.
Max Login Failures The maximum number of unsuccessful login attempts before a user is locked out. The default value is 5.
Global Default User Password Expiration Period The default number of days before a password expires for all internal Security Analytics users. A value of zero (0) disables password expiration.  For upgrades and new installations, the default value is zero (0).
Notify User <n> Days Prior to Password Expiry The number of days before the password expiration date, to notify a user that their password is about to expire. Users receive a one-time email on the specified date before their passwords expire. They also see a Password Expiration Message dialog when they log on to Security Analytics.
A value of zero (0) disables automatic password expiration notification. If you set the Global Default User Password Expiration Period to zero (0), users do not receive automatic password expiration notifications. 
Apply Makes the settings become effective immediately. 

External Authentication

The External Authentication section enables you to configure Security Analytics to use Active Directory or PAM to authenticate and test external user logins.

                         
FeatureDescription
Active Directory Allows Security Analytics to use Active Directory to authenticate external user logons.
PAM Allows Security Analytics to use Pluggable Authentication Modules (PAM) to authenticate external user logons.
Apply Makes the settings become effective in the next logon. 
Test Prompts for a username and password, then tests the currently enabled external authentication method.

Active Directory Configurations

The Active Directory Configuration section enables you to configure Security Analytics to use Active Directory to authenticate external user logins.

                                             
FeatureDescription
Enabled Enables Active Directory authentication for Security Analytics users.
Domain Domain name where the Active Directory Service is located.
Host Host name or IP address where the Active Directory Service is located.
Port Port on the host that is used for Active Directory Service authentication.
SSL Indicates whether the Active Directory Service uses SSL.
Username Mapping Indicates the Active Directory search field to use for username mapping. You can specify userPrincipalName (UPN) or sAMAccountName.
Follow Referrals Indicates whether Security Analytics will follow LDAP referrals made by Active Directory.
Username If Username is provided here, it binds to the Active Directory Service while searching Active Directory groups. This credential is not used for any other purpose.
Apply Makes settings become effective immediately.

Public Key Infrastructure (PKI) Authentication Configuration

The PKI Authentication section enables you to configure PKI authentication to Security Analytics.

Server Certificates

The Server Certificates section enables you to import a server certificate with its key to Security Analytics.

                                     
FeatureDescription
Alias A user-friendly name in which a certificate is stored in a store.
Subject DN The entity to which the certificate is issued.
Issuer DN The entity which issued the certificate.
CA Indicates whether the certificate is Certificate Authority (CA). 
Valid Form The start date from when a certificate is valid.
Valid Till The end date till when a certificate is valid.
Use as Server Certificate Allows to use a server certificate as a default server certificate.

Trusted CAs

The Trusted CAs section enables you to import a Certificate Authority (CA) certificate to Security Analytics.

                                 
FeatureDescription
Alias A user-friendly name in which a certificate is stored in a store.
Subject DN The entity to which the certificate is issued.
Issuer DN The entity which issued the certificate.
CA Indicates whether the certificate is Certificate Authority (CA). 
Valid Form The start date from when a certificate is valid.
Valid Till The end date till when a certificate is valid.

CRLs

The CRLs allows you to import Certificate Revocation List (CRL) to Security Analytics (SA) server.

                            
FeatureDescription
Issuer DN The entity which issued the certificate.
Filename  The name of the file from which the CRL is loaded.
Count

The total number of "unique" revoked certificates in the CRL.

Next Update on The date on which CRL will be updated.

CRL Refresh Interval Settings

The CRL Refresh Interval Settings allows you to set the time interval for the SA server to refresh the CRL into SA cache.

                        
FeatureDescription
Reload from Disk The CRL cache is read from the disk every 30 Seconds.
Refresh Interval The time interval at which Security Analytics server refreshes the CRL into Security Analytics cache.
Save

Allows you to save the time interval.

User Principal Settings

The User Principal Settings section enables you to specify a field in a certificate to uniquely identify the user for PKI authentication.

                     
FeatureDescription
Path The path to a field in a certificate which is used extract a username or userid.
Regex A regular expression that is used to extract the final username or userid from the value in a certificate at a given path.
Configure Allows you to configure the user principal settings to extract a username or userid

Enable PKI

The Enable PKI section enables you to enable PKI authentication in Security Analytics. 

                    
FeatureDescription
Enable PKI Select the option to enable PKI.
Apply Enables PKI authentication for Security Analytics users.
You are here: References > Administration Security View > Settings Tab

Attachments

    Outcomes