The following tables list the Policy settings for the Makito X4 encoder:
Password Policies
|
Setting |
Default |
Description |
|---|---|---|
|
Minimum Length |
6 characters |
Type in the minimum password length. Note Passwords can be 6 to 40 characters in length. |
|
Password Quality |
Basic |
Select the required password quality; works in conjunction with minimum Password requirements below:
|
|
Uppercase Letters |
0 |
(Password Quality must be Strong) Specify the minimum required number of uppercase letters.
|
|
Digits |
0 |
(Password Quality must be Strong) Specify the minimum required number of digits. Range: 0-40. |
|
Symbols |
0 |
(Password Quality must be Strong) Specify the minimum required number of symbols. Range: 0-40. |
|
Remember Last (Passwords) |
5 |
(Password Quality must be Strong) This option determines the number of unique new passwords that must be associated with a user account before an old password can be reused. The range: 5-500. |
|
Minimum Lifetime (Days) |
0 |
(Password Quality must be Strong) This option restricts the user's ability to change their password. Enforcing a minimum password lifetime helps prevent repeated password changes to defeat the password reuse or history enforcement requirement. The range: 0 (no restriction) to 7 days. |
|
Password Expiration |
Disabled |
Check this checkbox to enable Password expiration. |
|
Change Password After (Days) |
N/A if Disabled
|
(Password Expiration must be enabled) Type in the number of days after which users must change their passwords (from 1-180 days). |
Session Policies
|
Setting |
Default |
Description |
|---|---|---|
|
Auto Logout |
Disabled |
Check this checkbox to automatically log users out after a specified period of idle time. When enabled, if a user has been inactive for longer than the specified period of time, he/she will be logged out and redirected to the Sign-in page. Systems that are left logged on may represent a security risk for an organization. Note Enabling the Auto-Logout Session policy also limits the number of concurrent sign-ins per account to 4. |
|
Logout when Idle for (Minutes) |
N/A if Disabled
|
(Auto Logout must be enabled) Specifies the maximum length of time the system may be idle before the user will be logged out. Range: 1 - 1440 minutes. |
|
Limit Login Attempts |
Disabled |
Check this checkbox to lock a user account after the specified number of consecutive failed sign-in attempts during the specified time period. This may be used to reduce the risk of unauthorized system access via user password guessing. |
|
Max Failed Attempts |
N/A if Disabled
|
(Limit Login Attempts must be enabled) Specifies the maximum number of consecutive failed sign-in attempts allowed during the specified time interval before the account will be locked. Range: 3-10 |
|
Failed Interval (Minutes) |
N/A if Disabled
|
(Limit Login Attempts must be enabled) Specifies the time period during which the consecutive failed sign-in attempts will be counted to lock out the account. Range: 5-60 minutes Note If a user fails the “Max Failed Attempts” within the “Failed interval”, the account will be locked for 10 minutes. |
Account Policies
|
Setting |
Default |
Description |
|---|---|---|
|
Disable Inactive Accounts |
Disabled |
Check this checkbox to enable automatic disabling of user accounts after the specified number of days of account inactivity. |
|
Inactivity Timeout (Days) |
N/A if Disabled
|
(Disable Inactive Accounts must be enabled) Specifies the number of days (since the last login) after which the user account will be disabled.
Disabled accounts can be re-enabled either via the “account Tip The system adds a one day (24hours) grace period to the setting configured by the user. |
Cryptography Policies
|
Setting |
Default |
Description |
|---|---|---|
|
Compliance |
None |
Specifies the required cryptographic compliance, either:
Note Any selection will reinforce security for all management functions of the decoder in terms of cryptography. This setting will take effect upon the next reboot. |
|
Min TLS Version |
TLSv1.3 |
Specifies which TLS (Transport Layer Security) versions are accepted from the HTTPS client. Options are:
Tip For backward compatibility considerations, you may choose to disable the older TLS versions not needed by the organization's TLS peers (i.e., browsers, |
HTTP Policies
|
Setting |
Default |
Description |
|---|---|---|
|
Strict Transport Security |
Disabled |
Check this checkbox to enable HTTP Strict Transport Security (HSTS). HSTS forces web browsers to only contact the Web interface over HTTPS, instead of using HTTP. |