Identity-based user accounts in PTP 650/700

The default setting for a PTP 600/650/700/800 has a single user account for the web-based interface. All users login by supplying the same password. The initial password is blank, so you should always set a new password before deploying a link. Please take the trouble to choose a strong password that cannot be guessed easily, and certainly avoid obvious choices like "password". I know it sounds unlikely, but that's a surprisingly common choice.

If several people are going to have access to the unit, it's a really good idea to activate the identity-based user accounts on the Management | Web | Local User Accounts page. You can then create up to ten separate named accounts, where each account has one of three roles: "Security Officer", "System Administrator" and "Read Only".

The Read Only role can view the general configuration and status, but cannot view the security configuration. The System Administrator role can additionally update the general configuration. The Security Officer role can do the same as the System Administrator and can additionally update the security configuration. The advantage of these roles is that you can restrict access to the most critical aspects to one or two individuals, whilst providing lower-level access to the rest of the team.

The unit allows you to set rules for password complexity. If your network has rules, duplicate them here. If not, there is a button that provides a recommended setting. 

By default we have three active accounts named "security", "admin" and "readonly", each assigned with one of the roles, and each with a blank password. Overwrite these default account names with account names that make sense in your network. There's no need to reuse our default account names.

Set compliant passwords for each of the enabled user accounts (including your own account). Unless you have an amazing memory, make a note of the passwords for the other users in a safe place. Consider checking the "Force password change" box; this obliges other users to change their initial password the first time they access the unit.

Security of network infrastructure is really important. You can enhance security significantly by switching to identity-based user accounts. It doesn't take much work, and it could prevent a whole world of trouble!