Configuring Security Policies

Procedure

1. Log in to DeviceManager.
2. Choose Settings > User and Security > Security Policies.
3. Configure an account policy. Table 5-1 describes the related parameters.

   Click Advanced to display the advanced settings of Account Policy.

   Table 5-1 Account policy parameters

   Parameter	Description
   Complexity	Complexity of the user password. A complex password is recommended. [Value range] A password must contain special characters and at least two of the following types: uppercase letters, lowercase letters, and digits. A password must contain special characters, uppercase letters, lowercase letters, and digits.
   Password Validity	Indicates whether to set a password validity period. NOTE: If Password Validity is not enabled, the password is always valid. To ensure the security of the storage system, you are advised to enable Password Validity. If Password Validity is enabled, you need to set Password Validity Period and Password Expiration Warning.
   Password Validity Period (Day)	After the validity period of a password expires, the system asks you to change the password promptly. [Value range] Its value is an integer ranging from 1 to 999.
   Password Expiration Warning	Number of days prior to password expiration that the user receives a warning message. [Value range] Its value is an integer ranging from 1 to 99.
   Min. Username Length	Minimum length of the user name. [Value range] Its value is an integer ranging from 5 to 32.
   Password Length	This parameter is used to prevent the user from setting a too simple or lengthy password. [Value range] Its value is an integer ranging from 8 to 32.
   Duplicate Characters	Maximum number of consecutive duplicate characters. [Value range] Its value is an integer ranging from 0 to 9. If the value is 0, the number is not limited.
   Retained Historical Passwords	Number of retained historical passwords of the account. A new password must be different from retained historical passwords. [Value range] Its value is an integer ranging from 0 to 30. If the value is 0, the number is not limited.
   Password Change Interval	Indicates whether to enable a password change interval. NOTE: If Password Change Interval is enabled, you must set Interval.
   Interval	Minimum interval for changing a password. [Value range] Its value is an integer ranging from 1 to 9999.

4. Click Save.

Procedure

1. Log in to DeviceManager.
2. Choose Settings > User and Security > Security Policies.
3. Configure a login policy. Table 5-2 describes the related parameters.

   Click Advanced to display the advanced settings of Login Policy.

   Table 5-2 Login policy parameters

   Parameter	Description
   Session Timeout Duration (Minute)	A user will be automatically logged out if the user does not perform any operation within the specified time. [Value range] Its value is an integer ranging from 1 to 100.
   Account Lockout	If Account Lockout is enabled and the number of consecutive incorrect password attempts exceeds the value of Lockout Threshold within 5 minutes, the user account is locked. NOTE: Disabling Account Lockout poses security risks. You are advised to enable this function. If Account Lockout is enabled, you need to set Lockout Threshold, Lockout Mode, and Automatic Unlock In. A locked account can be manually unlocked by the super administrator. If Lockout Mode is set to Temporary, the system automatically unlocks a locked account after the time specified by Automatic Unlock In has elapsed.
   Lockout Threshold	Number of consecutive incorrect password attempts. If the number of incorrect password attempts exceeds the value of Lockout Threshold, the system automatically locks the account. [Value range] Its value is an integer ranging from 1 to 9.
   Lockout Mode	The mode in which a user is automatically locked by the system. NOTE: If you select Permanent, a super administrator account is automatically unlocked by the system after being locked for 15 minutes, and an administrator account is permanently locked by the system. If you select Temporary, set Automatic Unlock In to specify the automatic unlock time. [Value range] Temporary or Permanent
   Automatic Unlock In (Minute)	Period after which a locked account will be automatically unlocked. NOTE: The automatic unlock time applies only to automatic lockout. If an account is manually locked, the time does not take effect, and the account can only be manually unlocked. When Automatic Unlock In is set to a value ranging from 3 to 15, the automatic unlock time applies to all accounts. When Automatic Unlock In is set to a value ranging from 16 to 2000, the automatic unlock time applies only to non-super administrator accounts. A super administrator account will be automatically unlocked after 15 minutes. [Value range] Its value is an integer ranging from 3 to 2000.
   Lock Account When Idle	If an account never logs in to the system within the specified number of days, the account will be locked. NOTE: If Lock Account When Idle is enabled, you need to set Idle Period.
   Idle Period	Number of days for which an account remains idle. [Value range] Its value is an integer ranging from 1 to 999.
   Login Security Info	After an account logs in, the system displays information about its last login, including the login time and IP address, to enhance security.
   User-Defined Info	After an account successfully logs in to the system, a warning is displayed, showing the preset prompt information. NOTE: After User-Defined Info is enabled, you need to enter prompt information.
   Info	This message is used to notify the user that login is successful. [Value range] Its value contains 1 to 511 characters.

4. Click Save.

Prerequisites

You are a super administrator. (Only super administrators have the permission to perform this operation.)

Procedure

1. Log in to DeviceManager.
2. Choose Settings > User and Security > Security Policies.
3. Specify the IP addresses allowed to access the storage system.
   1. Enable Access Control.
   2. Enter the IP addresses or IP address segments that can access the device.
      • An example of an IP address is 192.168.1.100 or fx00::1234.
      • An example of an IP address segment is 192.168.1.10-192.168.1.11.
   3. Click Add to add the specified IP address segments or IP addresses to the IP address/address segment list.
      • A maximum of 32 IP addresses and IP address segments can be added.
      • After this function is enabled, if you do not allow an IP address or IP address segment to access the storage system, click next to the IP address or IP address segment. However, you must reserve at least one IP address or IP address segment. You can also click Clear All to delete all IP addresses and IP address segments.

4. Click Save.

   If a dialog box is displayed, perform operations as prompted.

Procedure

1. Log in to DeviceManager.
2. Choose Settings > User and Security > Security Policies.
3. Configure user account audit.
   1. Enable User Account Audit.
   2. Set Audit Period.
      • The value of Audit Period ranges from 0 to 999.
      • If Audit Period is set to 0 or 1, the system sends a user account audit alarm every day.