Configuring Lockdown Security Solution
The Lockdown Security Solution provides the facility to lock down a fixed set of security settings on your device. When you install this feature, the device settings are locked down permanently, and no user or administrator can unlock the settings.
Installation of the Lockdown Security Solution requires a feature installation key. For details, refer to Installing Optional Software Features.
CAUTION: After you install the Lockdown Security Solution, you cannot remove this feature.When the Lockdown Security Solution is installed, the device monitors the locked-down settings daily. If a setting needs correction, the device remediates the setting to its required value. After the daily check, the device reports on the status of the locked-down settings. The device reports on the following situations:
• If all locked-down settings are compliant, the device generates a confirmation report.
• If a locked-down setting is not compliant, the device generates a lockdown error report.
• When a remediation is successful, the device generates a remediation confirmation report.
• When a remediation fails, the device generates a remediation error report.
Use the Lockdown & Remediate page to schedule daily checks and to configure settings for alerts and status reports.
To configure Lockdown & Remediation:
1. In the Embedded Web Server, click > > .
2. For Check Daily at:, type the time of day in hours and minutes, then select AM or PM. The default daily time is 2:00 AM.
If a setting needs remediation, the device sends an email alert to the contacts configured on the Email Alerts page.
If the check is successful, the device generates status reports according to the report settings.
Note:
• After a check action begins, you cannot cancel the operation.
• If remediations are needed, the process takes approximately 20 minutes.
• Corrections to certain security settings take the device offline.
• Corrections to certain security settings require a device restart.
3. To generate an email alert when a setting needs remediation, click the Email Alerts link. For details, refer to Email Alerts.
4. To invoke a manual check, click Check Now. At the confirmation prompt, click Check Now or Cancel.
After the check action begins, the Check Now option remains grayed out until the check completes. After the check completes, the device generates status reports according to the report settings.
5. To print a status report after the daily check, for Printed Confirmation Report, select an option.
•Errors Only: This option instructs the device to print a status report only when a non-compliant setting is detected. This option is the default.
•Always: This option instructs the device to print a status report after every check.
•Never: This option instructs the device not to print status reports.
6. To email a status report after the daily check, for Email Confirmation Report, select an option.
•Errors Only: This option instructs the device to email a status report only when a non-compliant setting is detected. This option is the default.
•Always: This option instructs the device to email a status report after every check.
•Never: This option instructs the device not to email status reports.
To send reports by email, ensure that recipients are configured for email alerts. For details, refer to Email Alerts.
7. To specify the text to appear on error reports, for Action Text, click Edit. In the text field, type up to 255 characters.
The action text appears on the lockdown error and remediation error reports.
8. To generate a simulation test, click the check box for Error Simulation. The simulation verifies that the device can recognize insecure conditions, and generates test reports.
9. To save settings, click Apply. To cancel changes, click Undo.
Note:If you selected Error Simulation, the simulation test starts at the scheduled daily time.