Cisco Physical Access Manager User Guide, Release 1.4.1
Security

This appendix includes information used to ensure the security of your Cisco PAM appliance.

Contents

Cisco PAM TCP Port Requirements for Firewall Connections

Related Security Documentation

Disabling the Cisco PAM TFTP Server

Cisco PAM TCP Port Requirements for Firewall Connections

Table D-1 lists the TCP ports used by the Cisco PAM appliance. Cisco PAM desktop clients require access to these ports when connecting to a Cisco PAM appliance that is behind a firewall.

Table D-1 Cisco PAM Appliance Ports: Firewall Requirements

Port      Description
--------  -----------------------------------------------------
TCP 80    HTTP for video and redirect to HTTPS
TCP 443   HTTPS
TCP 1236  Fixed port for CPAM client to server communications.
TCP 3306  MySQL
TCP 8020  Default port for Gateway to Cisco PAM communication.
UDP 69    TFTP


Related Security Documentation

Refer to the following documentation for security information related to Cisco PAM.

Red Hat Enterprise Linux 4.5.0 Security Guide
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_Guide/

Security in MySQL
http://dev.mysql.com/doc/mysql-security-excerpt/5.0/en/index.html

Disabling the Cisco PAM TFTP Server

The Cisco PAM appliance includes a TFTP server that is enabled by default. This TFTP server is used primarily to store firmware images for upgrading Gateway modules, as described in Upgrading Gateway Firmware Images Using Cisco PAM.

To disable the TFTP server, complete the following steps.


Note: If the TFTP server is disabled, you must upgrade the Gateway firmware using image files stored on an external TFTP server. See Upgrading Gateway Firmware Images Using Cisco PAM for more information.



Step 1 Log in to the Cisco PAM Server Administration utility.

See Logging on to the Cisco PAM Server Administration Utility.

Step 2 Select the Monitoring tab and then select Status.

Step 3 Verify that the TFTP Service is Up, then click Stop, as shown in Figure D-1.

Step 4 After the confirmation message appears, verify that TFTP Service is Down.

Figure D-1 TFTP Service in "Up" State


Tip: Once the TFTP Service is Down, the button changes to Start. Click Start to enable the TFTP server.
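
The following is an added example, not part of the Cisco guide or any Cisco tool: a Python check, run from a client network, that reports which ports in Table D-1 are reachable through the firewall and whether anything still answers a TFTP read request on UDP 69 after the service has been stopped. The function names and the probe filename are assumptions made for this example.

```python
import socket
import sys

# TCP ports from Table D-1; UDP 69 (TFTP) is probed separately below.
TCP_PORTS = {80: "HTTP", 443: "HTTPS", 1236: "CPAM client", 3306: "MySQL", 8020: "Gateway"}
TFTP_REPLIES = {3: "DATA", 5: "ERROR", 6: "OACK"}


def build_rrq(filename, mode="octet"):
    """TFTP read request (RFC 1350): opcode 1, filename, NUL, mode, NUL."""
    return b"\x00\x01" + filename.encode() + b"\x00" + mode.encode() + b"\x00"


def tcp_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


# "cpam-probe.bin" is a constructed name; any reply, even ERROR, shows a live server.
def tftp_reply(host, port=69, timeout=2.0, filename="cpam-probe.bin"):
    """Send one RRQ; return the reply type, or None if nothing answers."""
    # The socket stays unconnected: a TFTP server answers from a new
    # ephemeral port, which a connected UDP socket would silently drop.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_rrq(filename), (host, port))
            data, _ = s.recvfrom(1024)
        except OSError:  # timeout, or ICMP port unreachable
            return None
    return TFTP_REPLIES.get(int.from_bytes(data[:2], "big"), "UNKNOWN")


def audit(host, timeout=2.0):
    """Map each Table D-1 port to True (answers) or False (no answer)."""
    result = {f"tcp/{p}": tcp_open(host, p, timeout) for p in TCP_PORTS}
    result["udp/69"] = tftp_reply(host, timeout=timeout) is not None
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, answers in audit(target, timeout=1.0).items():
        print(f"{name:9} {'reachable' if answers else 'no answer'}")
```

No answer on udp/69 can also mean that a firewall is dropping the request, so confirm the result against the TFTP Service state on the Status page.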