Sec/User Mgmt: Settings Tab

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode
 

In the Settings tab, you configure password complexity for internal Security Analytics users and system-wide security parameters.

For information on configuring these parameters, see Set Up System Security

Password complexity requirements apply only to internal users and are not enforced for external users. External users rely on their own methods and systems to enforce password complexity.  

To access the Settings tab:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.

The following figure shows the Password Strength and Security Settings sections of the Settings tab.

SecSettTb.png

The following figure shows the External Authentication and Active Directory Configurations sections of the Settings tab.

SysSecSettTb2.png

The following figure shows the PKI Authentication section of the Settings tab.

10.5.0.2_SysSecSettTb3.png

The following figure shows the CRL Refresh Interval Settings, User Principal Settings, and Enable PKI sections of the Settings tab.

10.5.0.2_SysSecSettTb4.png

Password Strength

The Password Strength section enables you to configure password complexity requirements for internal Security Analytics users when they set their passwords.

                               
FeatureDescription
Minimum Password LengthSpecifies a minimum password length requirement for Security Analytics user passwords. A minimum password length prevents users from using short passwords that are easy to guess.
Uppercase CharactersSpecifies a minimum number of uppercase characters for the password. This includes European language characters A through Z, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic uppercase: Д Ц
  • Greek uppercase: Π Λ
Lowercase CharactersSpecifies a minimum number of lowercase characters for the password. This includes European language characters a through z, sharp-s, with diacritic marks, Greek characters, and Cyrillic characters. For example:
  • Cyrillic lowercase: д ц
  • Greek lowercase: π λ
Base 10 DigitsSpecifies a minimum number of decimal characters (0 through 9) for the password.
Special Characters (~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/)Specifies a minimum number of special characters for the password:
~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/
Non-Latin Alphabetic CharactersSpecifies a minimum number of Unicode alphabetic characters that are not uppercase or lowercase. This includes Unicode characters from Asian languages. For example:
  • Kanji (Japanese): 頁 (leaf) 枒 (tree)
Password May Not Contain UsernameSpecifies that a password cannot contain the case-insensitive username of the user.
ApplyProvides the option to force all internal users to change their passwords the next time they log on to Security Analytics
The confirmation dialog shows the following question:
Do you want to force all internal users to change their passwords on the next login?
  • Selecting Yes forces all internal users to change their passwords the next time they log on to Security Analytics and overrides any individual user account settings.
  • Selecting No forces only those internal users with the Force password change at next login option enabled in their individual user account settings to change their password the next time they log on to Security Analytics.
Password strength settings take effect when Security Analytics users create or change their passwords.

Security Settings

The Security Settings section enables you to configure global security settings for Security Analytics users.

                               
FeatureDescription
Lockout PeriodNumber of minutes to lock a user out of Security Analytics after the configured number of failed logins is exceeded. The default value is 20 minutes.
Idle PeriodNumber of minutes of inactivity before a session times out. The default value is 60. If the value is 0, the session will not timeout.
Session TimeoutThe maximum duration of a user session before timing out  The default value is 600. If the value is 0, there is no maximum time for a session. If the value is a positive integer, the session times out when the configured time has elapsed. The user must log in again.
Case Insensitive User NameSpecifies that the RSA Security Analytics Username field on the login screen is case insensitive. For example, you could use Admin or admin to log on to Security Analytics.
Max Login FailuresThe maximum number of unsuccessful login attempts before a user is locked out. The default value is 5.
Global Default User Password Expiration PeriodThe default number of days before a password expires for all internal Security Analytics users. A value of zero (0) disables password expiration.  For upgrades and new installations, the default value is zero (0).
Notify User <n> Days Prior to Password ExpiryThe number of days before the password expiration date, to notify a user that their password is about to expire. Users receive a one-time email on the specified date before their passwords expire. They also see a Password Expiration Message dialog when they log on to Security Analytics.
A value of zero (0) disables automatic password expiration notification. If you set the Global Default User Password Expiration Period to zero (0), users do not receive automatic password expiration notifications. 
ApplyMakes the settings become effective immediately. 

External Authentication

The External Authentication section enables you to configure Security Analytics to use Active Directory or PAM to authenticate and test external user logins.

                   
FeatureDescription
Active DirectoryAllows Security Analytics to use Active Directory to authenticate external user logons.
PAMAllows Security Analytics to use Pluggable Authentication Modules (PAM) to authenticate external user logons.
ApplyMakes the settings become effective in the next logon. 
TestPrompts for a username and password, then tests the currently enabled external authentication method.

Active Directory Configurations

The Active Directory Configuration section enables you to configure Security Analytics to use Active Directory to authenticate external user logins.

                                  
FeatureDescription
EnabledEnables Active Directory authentication for Security Analytics users.
DomainDomain name where the Active Directory Service is located.
HostHost name or IP address where the Active Directory Service is located.
PortPort on the host that is used for Active Directory Service authentication.
SSLIndicates whether the Active Directory Service uses SSL.
Username MappingIndicates the Active Directory search field to use for username mapping. You can specify userPrincipalName (UPN) or sAMAccountName.
Follow ReferralsIndicates whether Security Analytics will follow LDAP referrals made by Active Directory.
UsernameIf Username is provided here, it binds to the Active Directory Service while searching Active Directory groups. This credential is not used for any other purpose.
ApplyMakes settings become effective immediately.

Public Key Infrastructure (PKI) Authentication Configuration

The PKI Authentication section enables you to configure PKI authentication to Security Analytics.

Server Certificates

The Server Certificates section enables you to import a server certificate with its key to Security Analytics.

                         
FeatureDescription
AliasA user-friendly name in which a certificate is stored in a store.
Subject DNThe entity to which the certificate is issued.
Issuer DNThe entity which issued the certificate.
CAIndicates whether the certificate is Certificate Authority (CA). 
Valid FormThe start date from when a certificate is valid.
Valid TillThe end date till when a certificate is valid.
Use as Server CertificateAllows to use a server certificate as a default server certificate.

Trusted CAs

The Trusted CAs section enables you to import a Certificate Authority (CA) certificate to Security Analytics.

                      
FeatureDescription
AliasA user-friendly name in which a certificate is stored in a store.
Subject DNThe entity to which the certificate is issued.
Issuer DNThe entity which issued the certificate.
CAIndicates whether the certificate is Certificate Authority (CA). 
Valid FormThe start date from when a certificate is valid.
Valid TillThe end date till when a certificate is valid.

CRLs

The CRLs allows you to import Certificate Revocation List (CRL) to Security Analytics (SA) server.

                
FeatureDescription
Issuer DNThe entity which issued the certificate.
Filename The name of the file from which the CRL is loaded.
Count

The total number of "unique" revoked certificates in the CRL.

Next Update onThe date on which CRL will be updated.

CRL Refresh Interval Settings

The CRL Refresh Interval Settings allows you to set the time interval for the SA server to refresh the CRL into SA cache.

             
FeatureDescription
Reload from DiskThe CRL cache is read from the disk every 30 Seconds.
Refresh IntervalThe time interval at which Security Analytics server refreshes the CRL into Security Analytics cache.
Save

Allows you to save the time interval.

User Principal Settings

The User Principal Settings section enables you to specify a field in a certificate to uniquely identify the user for PKI authentication.

             
FeatureDescription
PathThe path to a field in a certificate which is used extract a username or userid.
RegexA regular expression that is used to extract the final username or userid from the value in a certificate at a given path.
ConfigureAllows you to configure the user principal settings to extract a username or userid

Enable PKI

The Enable PKI section enables you to enable PKI authentication in Security Analytics

          
FeatureDescription
Enable PKISelect the option to enable PKI.
ApplyEnables PKI authentication for Security Analytics users.
You are here: References > Administration Security View > Settings Tab

Attachments

    Outcomes