#SOPHOS UTM PASSWORD#
Password complexity is often in place on Windows Active Directory, but overlooked on networking devices.
#SOPHOS UTM HOW TO#
The list of users available will appear on the left, drag the new user in the “ Edit Group” windowĦ) The new user will be added to the list, click “ Save“.įor more information on how to configure administrator accounts within Sophos UTM, please refer to the following URL:Įnforcing password complexity rules that comply with the organisation’s password policy ensures that the accounts are protected using complex passwords, that are difficult to guess or brute force. The group “ SuperAdmins” will appear in the list.ĥ) Click on “ Edit” to edit the user group and click on the browse button. Note that privilege levels can range from Read-only, Help Desk, Admin and Super Admin, with Super Admin being the highest level of access possible:ġ) Go to Definition & Users -> Users & GroupsĢ) Click “ New User” to create a new user.ģ) Within the identity window you can fill in the username and password.Ĥ) Save the newly created user, and click on the “Groups” tab at the top. To create an administrative account using WebAdmin, perform the following steps. In combination with user authorisation, this allows fine-grained control over the operations that are accessible to each user, ensuring that the principle of minimal privilege can be enforced. Additionally, different privilege levels can be assigned to individual users to only grant the access needed for their role. To address this, enabling SSL for LDAP requests can be done by checking the box marked “SSL” as highlighted.ĪSSIGNING INDIVIDUAL LOCAL ADMINISTRATOR ACCOUNTSĪssigning individual administrator accounts ensures that every action can be traced back to the user who is responsible for making that action. Please note that by default, plain text communication is used to communicate with the LDAP Server which would cause administrative credentials and sensitive configuration to be sent across the network unencrypted and so be vulnerable to interception. To configure LDAP for Sophos UTM, please refer to Section 5.7.2.3 LDAP in the following article: Please refer to the following URL for more information: In the drop down list for “Backend”, select RADIUS and configure the rest of the parameters using the same steps that were used for TACACS+. The way to configure RADIUS authentication in Sophos UTM is similar to TACACS+. Please refer to section 5.7.2.5 TACAS+ in the following documentation for more information on how to configure TACACS+: To enter the host name instead of the IPv4 address, choose “DNS Host” from the drop down list “ Type”.Ĭhoose the interface you wish users to be authenticated from in the “ Advanced” tab, then add the TACACS+ server name and IP Address and the TACACS+ parameters, for instance the port number and symmetric server secret key, which would be supplied by the TACACS+ server administrator.
#SOPHOS UTM PLUS#
Click “New Authentication Server“, and choose the TACACS+ protocol in the dropdown menu in Backend.Ĭlick the green plus button to enter the IPv4 address of the TACACS+ server and specify a name in the “ Name” field. Go to Definition & Users -> Authentication Services -> Servers. To configure Sophos UTM to use TACACS+, you can use the following steps in WebAdmin: We will discuss three common methods for configuring central authentication in Sophos: TACACS+, RADIUS, and LDAP.
This simplifies account management processes, such as by ensuring that users’ accounts can easily be disabled across all network devices once they leave the organisation. The use of a central authentication service allows organisations to easily and centrally manage user accounts. ACCESS CONTROL Configure CENTRAL Authentication As such, the menus might differ for other versions. Please note that the following recommendations were verified against a Sophos UTM 9 appliance. There is a command line interface for Sophos UTM, however Sophos are understood to prefer supporting the GUI and provide documentation for this approach, as such it will be used for this guide. Sophos is just one of the vendors that provides such solutions to many organisations, alongside Check Point, FortiNet, Juniper, and Cisco. The aim of this article is to provide guidance for network administrators on how to harden Sophos UTM firewalls.
Firewalls are used as the main defence for an organisation’s network infrastructure, and are used to prevent unauthorised access to or from the private network.
0 kommentar(er)
