cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

DX80 Network Settings (Hide)

alwin.emanuel
Beginner
Beginner

Afternoon community,

 

We're in the process of seeing if the DX80 will satisfy our STIG vulnerabilities. Where I seem to be stuck is with the network settings. We want to hide all instances of the IP address being displayed without a pin or password. I've restricted the User Menu and Enabled Strong Security, but you can still view the IP address under 'About this Device' and 'Network Connection'. What am I missing here?

1 ACCEPTED SOLUTION

Accepted Solutions

Magnus Ohm
Cisco Employee
Cisco Employee

Hi,

You are not missing anything. When you enable "Strong" security mode you will hide the IP information etc in the UI for normal users. The administrator can still get access to see the IP from the device by authenticating on the "About this device". If you just lock down the settings menu you will see that the "About" option is accessible by any user, once you set the security mode to strong the "About" option will be locked as well effectively preventing normal users from seeing the IP information.

To make this work you need three things:

 

A strong admin password set on the admin user

The settings menu mode must be in locked state

The UI security mode must be set to strong

 

What you see is by design, while it prevents normal users from seeing IP information it still leaves an option for the admin to get the IP address if he needs to troubleshoot the device or otherwise connect to it while in the same room (this may not be part of your use-case but for many, it is). In my opinion it is sufficient to lock the information away from normal users unless your admin password is commonly known, which I would say is much worse if you are worried about security. I trust that all your admin users has such a confidence level that they can see the IP information on demand.  

 

/Magnus

View solution in original post

2 REPLIES 2

Magnus Ohm
Cisco Employee
Cisco Employee

Hi,

You are not missing anything. When you enable "Strong" security mode you will hide the IP information etc in the UI for normal users. The administrator can still get access to see the IP from the device by authenticating on the "About this device". If you just lock down the settings menu you will see that the "About" option is accessible by any user, once you set the security mode to strong the "About" option will be locked as well effectively preventing normal users from seeing the IP information.

To make this work you need three things:

 

A strong admin password set on the admin user

The settings menu mode must be in locked state

The UI security mode must be set to strong

 

What you see is by design, while it prevents normal users from seeing IP information it still leaves an option for the admin to get the IP address if he needs to troubleshoot the device or otherwise connect to it while in the same room (this may not be part of your use-case but for many, it is). In my opinion it is sufficient to lock the information away from normal users unless your admin password is commonly known, which I would say is much worse if you are worried about security. I trust that all your admin users has such a confidence level that they can see the IP information on demand.  

 

/Magnus

Magnus,

 

Thank you! I hadn't set the UI security mode.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: