No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Operation Guide 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Overview

Overview

This topic helps you better understand all operations about security management and select operation modes based on site requirements.

Before performing security management operations, you must familiarize yourself with the basic concepts related to security management, such as the user, role, operation rights, and access control. For details, see User Authorization. Understanding these concepts will help you avoid errors when performing security management operations.

Figure 3-1 shows the overview of security management operations.

Figure 3-1 Overview of security management operations

The default operation rights for a new user include:

  • Viewing, creating, and customizing home pages
  • Viewing topology views and device views
  • Viewing, creating, and customizing big screen monitoring views
  • Changing passwords and contact information
  • Setting idle time
Table 3-1 Task

Task

Prerequisite

Important Notes

Navigation Path

Setting an account policy

You must have the operation rights for User Management.

  • The lock-out policies for the admin and common users differ as follows:
    • For the admin user, the IP address of the client from which the user logs in is locked. During the lock-out period, the admin user cannot use the client to log in.
    • For a common user, the account is locked. During the lock-out period, the user is not allowed to log in from any client.

      By default, non-admin accounts will be suspended if they are not used to log in within two months (the duration is configurable). If a suspended non-admin account is activated again but is still not used to log in, the system calculates the account suspending duration from the last login time before account suspension.

NOTE:
  • To improve account security, you are advised to enable all account policies provided by the eSight.
  • The account policy applies to the following users after the account policy is successfully set:
  • New users.
  • Users whose information is modified.
  • If a user name is disabled after an account policy is applied, perform the following operations to enable the user name:
    1. Choose System > System Management > User Management from the main menu.
    2. In the navigation tree on the left, choose User.
    3. Click in the Operation column where the user information is located.
NOTE:

After a user is enabled, the ACL settings (for details, see Setting an access control policy) determine whether the user can log in. The ACL settings include Client IP Address Policy and Login Time Policy. Perform the following steps to view the ACL settings of the user:

  1. In the User Name column, click a user name.
  2. On the displayed page, click the Access Control Policies tab and view Policy Name and IP Address Range of the user.

If the access requirements are not met, modify Access Control Policies or Setting an Access Control Policy.

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose Account Policy.

Setting a password policy

Disabling a password policy will compromise the account security. It is recommended that a password policy meet the following requirements:

  1. Contains at least eight characters.
  2. Contains at least two types of the following characters:
    • At least one uppercase letter
    • At least one lowercase letter
    • At least one digit
    • At least one of the following special characters: !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose Password Policy.

Setting an access control policy

The admin user is not limited by Login Time Policy.

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose Client IP Address Policy or Login Time Policy.

-

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose Mobile Access Control Policy.

Setting the automatic logout time of clients

-

This operation is valid for the current user. If the database disconnects during eSight running, this configuration item will be reset to its default value. If the eSight detects that the database reconnects, the configuration item is restored to the value set by a user.

If the automatic logout settings are canceled, you must manually log out of a client when you are away. Otherwise, other users may perform unauthorized operations.

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose My Settings.

Changing the password of the current user

-

The admin user can change its password in My Settings. However, no user can reset the password for the admin user.

View online user

-

After the system enters single user mode, the eSight only allows the current user to log in to the eSight, and other online users are forcibly logged out.

You need to make the system exit single user mode immediately you complete maintenance operations. In this way, other users can use the eSight properly.

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose View Online User.

Forcing a user to log out

-

You must have the operation rights for User Management.

If you log in, you cannot force yourself to log out.

Choose System > System Management > User Management from the main menu. In the navigation tree in the left pane, choose View Online User.

Querying Logs

-

On the Security Logs, System Logs, or Operation Logs page, if content with line breaks is pasted to the Details text box, the search results vary with browsers after you click Search.

  • On Internet Explorer and Chrome browsers, the content after line breaks is automatically truncated. The log that matches the content before the line breaks is filtered.
  • On Firefox browsers, truncation is not supported when information is pasted. As a result, matching log is not filtered.

Choose System > System Management > Log Management from the main menu.

Translation
Download
Updated: 2019-09-07

Document ID: EDOC1100011877

Views: 311639

Downloads: 635

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next