
Yusuf Bhaiji

"Network Security Technologies and Solutions"


User Accounts
User accounts are managed locally on the sensor because the sensor appliance has no support for AAA
servers. Each user is associated with a role that controls what that user can and cannot modify. There are four
basic user roles:
Administrator: The highest level of privileges, with an unrestricted view and the ability to perform all operations.
Operator: The second-highest level of privileges; can view everything but perform only limited operations.
Viewer: The lowest level of privileges; can view configuration and events but cannot modify any
configuration data except their own user passwords.
Service: A special role that allows a user to bypass the sensor CLI and log in directly to a bash shell.
The service account is mainly created for support and troubleshooting purposes. (There is no supported user
configuration from within the service account.) Only one user with service privileges can be configured on
a sensor. The service user cannot be used to log in to the IDM.
Caution
User access in the service account is not supported except under direct supervision of Cisco TAC or Cisco
development engineering.
Device Security Checklist
A security checklist is an important document containing a summary of various guidelines and instructions for
secure implementations.

