Tripp Lite B0930082E4UV Owners Manual for B093- B097- and B098-Series Console - Page 22

3. System Configuration • In the example shown below, local administrators on local Management LAN have direct telnet access to the console server (and attached serial ports), while remote administrators using dial-in or cellular have no such telnet access (unless they set up a VPN). • Respond to ICMP echoes (i.e. ping) Service access options can be configured at this stage. This allows the console server to respond to incoming ICMP echo requests. Ping is enabled by default. However for security reasons, this service should generally be disabled post-initial configuration. • You can also configure to allow serial port devices to be accessed from assigned network interfaces using Raw TCP, direct Telnet/SSH, unauthenticated Telnet/SSH services, etc. • Click Apply to apply your services access selections. 3.4.1 Brute Force Protection Brute force protection (Micro Fail2ban) temporarily blocks source IPs that show malicious signs, such as too many password failures. This may help mitigate scenarios where the Tripp Lite device's network services are exposed to an untrusted network such as the public WAN, and scripted attacks or software worms are attempting to guess (brute force) user credentials and gain unauthorized access. Brute Force Protection may be enabled for the listed services. Once protection is enabled, three or more failed connection attempts within 60 seconds from a specific source IP trigger it to be banned from connecting for the next 60 seconds. Active Bans are also listed and may be refreshed by reloading the page. Note: When a Tripp Lite device is running on an untrusted network, it is recommended that a variety of strategies be used to lock down remote access. This includes strong passwords (or even better, SSH public key authentication), VPN, and using Firewall Rules to whitelist remote access from trusted source networks only. Refer to the Knowledge Base for details. 22