Configuring the password and user account lock policies

Tip

Configuring automatic response when Axxon One integrity check fails

IP address filtering configuration

To configure the user security policy, do the following:

  1. Go to the Settings tab → Options tab → Security policy item.
  2. If necessary, you can change the settings specified in the tables below:

    Password policy

    | Parameter | Value | Description |
    |---|---|---|
    | Minimum password length | 8 | The default value is 8. If necessary, change the minimum password length. The value must be in the range [8, 20] |
    | Number of passwords in history | 0 | The default value is 0, which means that the system doesn't store the password history. If the value is different from 0, you cannot use the passwords that are stored in the history when specifying the new password. Specify the number of the most recent passwords for each user that you want to store in the history. The value must be in the range [0, 24] |
    | Password expiration period | 0 | The default value is 0, which means that the password expiration period is unlimited. Specify the password expiration period in days. After the specified period expires, the user is prompted to specify the new password. The value must be in the range [0, 999] |
    | Username and password must meet complexity requirements | None, Username and password, Password | The default value is Password. From the drop-down list, select what must meet the complexity requirements |
    | Prevent multiple logons of the same user account | Cleared | By default, there is no prohibition for multiple logons of the same user account (the checkbox is cleared). If you want to limit the number of sessions per user to one, set the checkbox. This requirement also applies to web clients and mobile clients |
    | Allow access to Remember me feature | Set | By default, when you connect to the domain, you can set or clear the Remember me checkbox in the initial authorization window (the checkbox is set). If you clear the Allow access to Remember me feature checkbox, the Remember me checkbox is unavailable in the initial authorization window. For example, if you connect as a new client to the old server, the "Remember me" tip is absent |

    Attention!
    Complexity requirements:

    • Username:
      • must contain at least six characters and at least two digits;
      • must not include common role names, such as: user, admin, administrator, administrator1, root, super, superuser, supervisor.
    • Password: must contain at least eight characters and must meet at least three of the following requirements if it contains fewer than 10 characters, or at least two if it contains 10 or more characters:
      • At least one uppercase letter;
      • At least two lowercase letters;
      • At least three digits;
      • At least four special characters: . , : ; ! ? \ | / ( ) [ ] { } + − = < > " @ ' # * $ ` % ^ & _ ~.

    User account locking policy

    | Parameter | Value | Description |
    |---|---|---|
    | Maximum failed logon attempts | 0 | The default value is 0, which means that the user account isn't locked after failed logon attempts. Specify the number of failed user authentication attempts after which the user account is locked. If this value is different from 0, when a new user is created, they are given the name User with a random number from 10000 to 99999. The name can be changed in the user settings. The value must be in the range [0, 999] |
    | Account lockout duration | 0 | The default value is 0, which means that only the administrator can unlock the user account (see Configuring local users, Configuring LDAP users). Specify the account lockout duration after failed authentication attempts in minutes. The value must be in the range [0, 99999] |

    Attention!
    After the user account is unlocked, the user has only one authentication attempt. If this attempt is successful, the counter of failed attempts resets; otherwise, the user account is locked again.

    Attention!
    If you set the 0 value in the Maximum failed logon attempts parameter, the Account lockout duration field is unavailable.

    Do the following actions when system integrity compromised

    When you start each server and client, Axxon One automatically checks all executable files (exe, dll, so) for the correspondence of a watermark.

    If all files are found and correspond to a watermark, the system log saves the System integrity check passed successfully event (see System log).

    If the integrity of the files and system directories is compromised, for example altered by malware or by someone attempting to hack into the system, Axxon One automatically performs one of the preset actions:

    | Value | Description |
    |---|---|
    | Show warning to administrators only | The value is set by default. When users of the admin role start a client, the corresponding notification is displayed: "System integrity compromised. Details: Client status: Server status compromised: Server status checked: unknown". To continue loading the client, click the Continue button; to close it, click No; to open the text file with the list of compromised files, click Details |
    | Show warning to all users | Notification is displayed for all users |
    | Block users without administrator rights | The client logs out, and the corresponding notification is displayed for all users that were in the system during the check except for the users of the admin role. Also, these users cannot connect to the server |
    | Stop non-vital services | The operation of all objects that must be licensed (cameras, detectors, and so on) stops. When you start a client, the corresponding warning is displayed for all users |

    Privacy masking

    | Parameter | Value | Description |
    |---|---|---|
    | Privacy mask type | Mosaic, Black | The default privacy mask type is Mosaic. Select the required privacy mask type from the drop-down list |

  3. Click the Apply button. To cancel an action, click the Cancel button.

Configuring the user's security policy is complete.

Attention!

If any user accounts whose username and password don't meet the new requirements were created in the system before you applied the new security policy parameters, these users are prompted to specify a new password the first time they connect.
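To estimate in advance which accounts will be affected, the complexity rules listed above can be checked offline. The following is an added example, not Axxon One code; the function names are hypothetical, role names are matched as case-insensitive substrings, and an ASCII hyphen is accepted for the minus sign in the special character list (both assumptions).

```python
# Added example: offline pre-check against the complexity rules listed on this page.
# Function names are hypothetical; this is not Axxon One code.
DIGITS = set("0123456789")
# Special characters from the list above; ASCII '-' is accepted alongside the
# page's minus sign (assumption).
SPECIALS = set(".,:;!?\\|/()[]{}+-\u2212=<>\"@'#*$`%^&_~")
ROLE_NAMES = ("user", "admin", "administrator", "administrator1",
              "root", "super", "superuser", "supervisor")
MINIMUMS = {"uppercase": 1, "lowercase": 2, "digits": 3, "special": 4}


def met_requirements(password):
    """Return which of the four character-class requirements are met."""
    counts = {
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "digits": sum(c in DIGITS for c in password),
        "special": sum(c in SPECIALS for c in password),
    }
    return [name for name, need in MINIMUMS.items() if counts[name] >= need]


def password_complies(password, min_length=8):
    """Three classes are needed below 10 characters, two from 10 upwards."""
    if len(password) < max(min_length, 8):
        return False
    needed = 3 if len(password) < 10 else 2
    return len(met_requirements(password)) >= needed


def username_complies(username):
    """At least six characters, at least two digits, no common role name.
    Role names are matched as case-insensitive substrings (assumption)."""
    lowered = username.lower()
    if len(username) < 6 or sum(c in DIGITS for c in username) < 2:
        return False
    return not any(role in lowered for role in ROLE_NAMES)


def accounts_needing_change(usernames):
    """Usernames that would fail once usernames must meet the requirements."""
    return [u for u in usernames if not username_complies(u)]


if __name__ == "__main__":
    # Constructed sample data.
    print(accounts_needing_change(["op3rator7", "admin42", "guard1"]))
    for pw in ("Abcdef12", "Abcdef123", "Abcdefghij"):
        print(pw, password_complies(pw))
```

Pass `min_length` the value configured in the Minimum password length field when it is greater than 8.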

Configuring the filter of allowed client IP addresses

You can limit IP addresses from which remote clients can connect to the server. For this, do the following:

  1. Go to the Settings tab → Options tab → Security policy item.
  2. In the field:
    1. IP address, enter the required IP address.
    2. Prefix, set the subnetwork mask for specifying the range of addresses from which the connection is allowed.
  3. Click the Add button.
  4. Click the Apply button. To cancel an action, click the Cancel button.

As a result, the range of addresses is added to the list. The connection from the addresses that aren't included in the list is unavailable.
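Because addresses outside the list can no longer connect, it helps to check the planned entries against the known client addresses before applying them. The following is an added example, not Axxon One code; the function names are hypothetical, and it assumes that the Prefix field holds a prefix length or dotted mask and that matching follows standard subnet containment.

```python
# Added example: pre-check of planned allowlist entries against known clients.
# Function names are hypothetical; this is not Axxon One code.
import ipaddress


def parse_allowlist(entries):
    """entries: (IP address, Prefix) pairs as typed into the two fields.
    strict=False lets an entry carry host bits, e.g. 192.168.10.77 with prefix 24."""
    return [ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            for ip, prefix in entries]


def blocked_clients(entries, client_ips):
    """Return the client addresses not covered by any entry.
    Models a non-empty list; behaviour with an empty list is not described here."""
    networks = parse_allowlist(entries)
    return [ip for ip in client_ips
            if not any(ipaddress.ip_address(ip) in net for net in networks)]


def coverage(entries):
    """Number of addresses each entry admits, to spot an overly broad prefix."""
    return {str(net): net.num_addresses for net in parse_allowlist(entries)}


if __name__ == "__main__":
    # Constructed sample data.
    planned = [("192.168.10.77", "24"), ("10.0.5.17", "32")]
    clients = ["192.168.10.44", "10.0.5.17", "10.0.5.18", "172.16.0.9"]
    print(blocked_clients(planned, clients))
    print(coverage(planned))
```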

To delete an address or the range of addresses from the list, do the following:

  1. Click the button in the Delete column.
  2. Click the Apply button. To cancel an action, click the Cancel button.