Device Security Management Sample Clauses

Device Security Management. Once the Customer network has been deployed onto the Insite systems, responsibility for the password lock-down of the devices passes onto the Operations Centre, which then changes all passwords of the devices and refers the authentication of any further login attempts to a TACACS+ Server. Tacacs will be added. NO PASSWORDS ON THE DEVICES WILL BE CHANGED. There might be some automated processes in place which rely on these passwords. All unnecessary logins/passwords will be removed within the first 6 weeks as part of the normal change control process. The TACACS+ server provides the AAA authentication service. This prevents unauthorised access to the client’s devices. All managed devices are configured to refer login attempts to the TACACS+ server, which will then give the managed device the go-ahead to accept the connection. A fallback login method will be put in place (login using device-local authentification) in case of network and/or Tacacs failures (open for discussion). Only Operations Centre personnel and the relevant senior DD Engineering staff have access to managed devices. Should anyone other than the above require access, a change control request has to be submitted onto the Service Portal. Note that most, but not all, devices support TACACS authentication. This will be identified to the Customer during pre-deployment scooping sessions. In addition this mechanism is not able to protect the device from physical break-in, such as powering down a device and gaining access through the console port on the device. Unauthorised access in this fashion will be detected by the device going down on the management system and by the random configuration-file scan detecting that changes had been made on the device but will not have access to any of the audit trails mentioned below.