Appendix A
Understanding CiscoWorks Security
78-16571-01

System Administrator-Imposed Security

To maximize CiscoWorks Server security, follow these security guidelines:
• Do not allow users other than the systems administrator to have a login on the CiscoWorks Server.
• Do not allow the CiscoWorks Server file systems to be mounted remotely with NFS or any other file-sharing protocol.
• Limit remote access (for example, FTP, RCP, RSH) to the CiscoWorks Server to those users who are permitted to log in to the CiscoWorks Server.
• Place your network management servers behind firewalls to prevent access to the systems from outside of your organization.
• Change the database password after installation and periodically based on your company's security policies.
• If you are using SSL in CiscoWorks Server, back up the security certificates in a safe location.

Connection Security

CiscoWorks Server uses Secure Socket Layer (SSL) encryption to provide a secure connection between the client browser and the management server, and Secure Shell (SSH) to provide secure access between the management server and devices.

Security Certificates

Security certificates are similar to digital ID cards. They prove the identity of the server to clients. Certificates are issued by Certificate Authorities (CAs) such as VeriSign® or Thawte. A certificate vouches for the identity and key ownership of an individual, a computer system (or a specific server running on that system), or an organization. It is a general term for a signed document.

Typically, certificates contain the following information:
• Subject public key value.
• Subject identifier information (such as the name and e-mail address).
• Validity period (the length of time that the certificate is considered valid).
User Guide for CiscoWorks Common Services
Server Security