Skip to main content

Basic

NetAcquire systems offer a variety of security options that we’ll examine here. In addition, we offer several other options that will be covered in future articles,

  • Security hardening option (targeted to DISA-STIG model)
  • Pre-Deployment hardening
  • Data-at-rest encryption

First Principles

Important: A root Linux user exists on your system. NetAcquire assigns and provides to you a random password, but it is critical that you change this password yourself. The root user must be changed via SSH.

Authentication and Encryption

The Security Manager page presents this option at the top of the General tab.

auth and encrypt

Authentication

This option enforces authentication when accessing the system. Users must provide their credentials and log in. A client certificate authentication option can be chosen for end users preferring use of a certificate.

Note: Accessing the system via SSH always requires authentication, regardless of the settings configured in Security Manager.

Authentication Type

Users can choose from Password or Certificate authentication. This setting can be combined with Central Authentication (separate tab) to authenticate through your domain server. Enabling certificate authentication requires further configuration on the Certificates tab.

Note: To configure the server with your own secure certificate (strongly recommended), please refer to the Certificates tab and the server manual’s instructions.

Other Settings

A variety of settings can be configured using the Security Manager. A brief summary follows.

  • SSH – communications reliant upon SSH
  • Local Passwords – security controlling passwords such as strength, expiration, etc.
  • FTP – Enables non-secure FTP, SFTP can be found in the SSH section
  • HTTP – Apache logging
  • Server Discovery – enable/disable mDNS/DNS-SD
  • Command Line Sessions – security and messages for SSH
  • Security Markings – enable/disable and set security display banners