AuthenticationApp; AuthenticationApp Responsibilities; Authenticating Users - Cisco 4215 - Intrusion Detection Sys Sensor Configuration Manual

Configuration guide

Appendix A: System Architecture
Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 5.0 (78-16527-01), page A-20

MainApp

Note: For the procedure for displaying tech support information, see Displaying Tech Support Information, page 13-18. For the procedure for displaying events, see Displaying Events, page 13-4.

LogApp receives all syslog messages, except cron messages, that are at the level of informational and above (*.info;cron.none), and inserts them into Event Store as <evErrors> with the error severity set to Warning. LogApp and application logging are controlled through the service logger commands.

LogApp can control what log messages are generated by each application by controlling the logging severity for different logging zones. You would only access the individual-zone-control of the logger service at the request and supervision of a TAC engineer or developer. For troubleshooting purposes, TAC might request that you turn on debug logging. For more information, see Enabling Debug Logging, page C-23.

AuthenticationApp

This section describes AuthenticationApp, and contains the following topics:

• AuthenticationApp Responsibilities, page A-20
• Authenticating Users, page A-20
• Configuring Authentication on the Sensor, page A-21
• Managing TLS and SSH Trust Relationships, page A-21

AuthenticationApp Responsibilities

AuthenticationApp has the following responsibilities:

• To authenticate a user's identity
• To administer the user's accounts, privileges, keys, and certificates
• To configure which authentication methods are used by AuthenticationApp and other access services on the sensor

Authenticating Users

You must configure authentication on the sensor to establish appropriate security for user access. When you install a sensor, an initial cisco account with an expired password is created. A user with administrative access to the sensor accesses the sensor through the CLI or an IPS manager, such as IDM or ASDM, by logging in to the sensor using the default administrative account (cisco). In the CLI, the Administrator is prompted to change the password. IPS managers initiate a setEnableAuthenticationTokenStatus control transaction to change the account's password.

Through the CLI or an IPS manager, the Administrator configures which authentication method is used, such as username and password or an SSH authorized key. The application servicing the Administrator initiates a setAuthenticationConfig control transaction to establish the authentication configuration.

The authentication configuration includes a login attempt limit value that is used to specify how account locking is handled. Account locking is invoked when the number of consecutive failed login attempts for a given account exceeds the login attempt limit value. After an account is locked, all further attempts to log in to that account are rejected. The account is unlocked by resetting the account's authentication token using the setEnableAuthenticationTokenStatus control transaction. The account locking feature is disabled when the login attempt limit value is set to zero.
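The account-locking rule described under Authenticating Users, modeled in Python as an added example (not Cisco code and not part of the original guide). It follows the guide's wording literally: an account locks when consecutive failures exceed the limit, and a limit of zero disables locking. The LockoutPolicy class, its method names, replay, and reset_token (a stand-in for the setEnableAuthenticationTokenStatus control transaction) are hypothetical, and resetting the count on a successful login is an assumption drawn from the word "consecutive".

```python
# Illustrative model of the account-locking rule; not Cisco's implementation.
import hmac
from dataclasses import dataclass


@dataclass
class Account:
    token: str          # constructed sample secret; real systems store a hash
    failed: int = 0     # consecutive failed login attempts
    locked: bool = False


class LockoutPolicy:  # hypothetical name
    def __init__(self, attempt_limit):
        if attempt_limit < 0:
            raise ValueError("login attempt limit must be >= 0")
        self.attempt_limit = attempt_limit  # 0 disables account locking
        self.accounts = {}

    def add_account(self, user, token):
        self.accounts[user] = Account(token)

    def login(self, user, token):
        acct = self.accounts.get(user)
        if acct is None:
            return "rejected"
        if acct.locked:
            return "locked"  # rejected even when the credential is correct
        if hmac.compare_digest(acct.token.encode(), token.encode()):
            acct.failed = 0  # assumption: a success ends the consecutive run
            return "ok"
        acct.failed += 1
        # The guide says "exceeds", so the lock trips on failure limit + 1.
        if self.attempt_limit and acct.failed > self.attempt_limit:
            acct.locked = True
            return "locked"
        return "rejected"

    def reset_token(self, user, new_token):
        # Stand-in for resetting the authentication token, which unlocks.
        acct = self.accounts[user]
        acct.token, acct.failed, acct.locked = new_token, 0, False


def replay(policy, user, tokens):
    """Feed a sequence of login attempts and return each outcome."""
    return [policy.login(user, t) for t in tokens]
```

With a limit of 3, the fourth consecutive failure is the one that locks the account, which is worth confirming against the sensor's actual behavior when choosing the limit value.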
