- Preface
- Overview
- Configuring and Monitoring the Cisco PAM Server
- Getting Started With the Cisco PAM Desktop Software
- Configuring User Access for the Cisco PAM Desktop Client
- Understanding Door Configuration
- Configuring Doors
- Configuring Door and Device Templates
- Configuring Personnel and Badges
- Configuring Cisco Access Policies
- Events & Alarms
- Configuring Automated Tasks
- System Integration
- Video Monitoring
- System Configuration Settings
- Backing Up and Restoring Data
- Upgrading Software and Firmware
- Troubleshooting
- Security
- Glossary
Cisco Physical Access Manager Appliance User Guide, Release 1.2.0
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Chapter: Security
Security
This appendix includes information used to ensure the security of your Cisco PAM appliance.
Contents
•
Cisco PAM TCP Port Requirements for Firewall Connections
•Related Security Documentation
•Disabling the Cisco PAM TFTP Server
Cisco PAM TCP Port Requirements for Firewall Connections
Table D-1 lists the TCP ports used by the Cisco PAM appliance. Cisco PAM desktop clients require access to these ports when connecting to a Cisco PAM appliance that is behind a firewall.
Related Security Documentation
Refer to the following documentation for security information related to Cisco PAM.
•Red Hat Enterprise Linux 4.5.0 Security Guide
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/en-US/Security_Guide/
•Security in MySQL
http://dev.mysql.com/doc/mysql-security-excerpt/5.0/en/index.html
Disabling the Cisco PAM TFTP Server
The Cisco PAM appliance includes a TFTP server that is enabled by default. This TFTP server is used primarily to store firmware images for upgrading Gateway modules, as described in Upgrading Gateway Firmware Images Using Cisco PAM, page B-18.
To disable the TFTP server, complete the following steps.
Note If the TFTP server is disabled, you must upgrade the Gateway firmware using image files stored on an external TFTP server. See Upgrading Gateway Firmware Images Using Cisco PAM, page B-18 for more information.
Step 1 Log in to the Cisco PAM Server Administration utility.
See Logging on to the Cisco PAM Server Administration Utility, page 2-2.
Step 2 Select the Monitoring tab and then select Status.
Step 3 Verify that the TFTP Service is Up, click Stop, as shown in Figure D-1.
Step 4 After the confirmation message appears, verify that TFTP Service is Down.
Figure D-1 TFTP Service in "Up" State
Tip Once the TFTP Service is Down, the button changes to Start. Click Start to enable the TFTP server.
Feedback