Account Settings
Purpose
This document provides users with an overview of the account settings for OUTSCAN and HIAB.
Requirements
This document assumes that the reader has access to the OUTSCAN/HIAB main user account.
Introduction
The Account settings allow the main user to manage all the user accounts in the system. As the main user you can manage several security policy attributes such as Password Policy, Method Enforcing, CSRF Validation, and Login Policy. Under the License tab, the number of scans and targets that can be maintained in the system can be monitored.
There are two ways of launching your applications.
From OUTSCAN
From a HIAB
OUTSCAN and HIAB
To launch the OUTSCAN application, open a browser and navigate to https://outscan.outpost24.com.
To connect to a HIAB, open a browser and enter the assigned network address https://your-appliance-ip.
Use the HTTPS protocol.
Example: for HIAB https://your-appliance-ip
or for OUTSCAN https://outscan.outpost24.com
Log in using your credentials.
To access the Account Settings module, go to Main Menu > Settings > Account.
Account
In the Account tab, the account Details and Login for a user can be edited.
Details
The Details area contains personal information such as name, email address, phone number, language and location information.
Option | Description |
Company name | Displays your company name. |
First name | Provide your first name. |
Last name | Provide your last name. |
Email address | The email address that you wish to bind to your account. This email address will receive notifications, recovered passwords, and update notes. |
Phone number | Provide the phone number you wish to bind to your account. Phone numbers are entered without any leading + or 0 and a minimum of six digits. Format:<country code><phone number> |
Mobile number | Provide the mobile number you wish to bind to your account. Phone numbers are entered without any leading + or 0 and a minimum of six digits. Format:<country code><phone number> |
Language | The language that you would like the user interface to use. |
Country | Your country location. |
State | Select your state if applicable. |
Email PGP Public Key | The email can be encrypted with a PGP public key. Default options: None, Unencrypted To add a public key file:
|
Login
The Login area contains account statistics, including the number of times that the account has logged in. It also allows you to change the password, and the User-ID, which is used to log in to the service.
The main user can also set the Session timeout interval. If the timeout is specified, a session will time out if the user is inactive for the specified number of minutes. This includes the main user.
Two-factor authentication can be enabled, and the mode of authentication is selected from here. Either Mobile Security Code or Google Authenticator can be used for authentication. The means used for authentication can be limited, depending on the options configured for two-factor authentication under the Security Policy tab.
When Google Authentication is selected, you are asked to enter the credential ID which is used to set up the account.
Option | Description |
Number of logons | Displays the total number of logons. |
Last logged on | Displays the date of the last logon. |
Last logon from IP | Displays the IP of the last logon. |
USER-ID | Displays your user ID. |
Existing Password | If you wish to reset your password you must provide the current password for the account in this field. |
Password | Type the password that you wish to use for this account. |
Password Again | Confirm the new password by typing it again. |
Session Timeout (minutes) | For how long the system is allowed to be idle before the session times out and you are logged out. |
2-Factor-Authentication | Choose between the following in the drop-down menu:
|
Security Policy
In the Security Policy tab several security policies can be edited such as:
- Password Policy
- Method Enforcing
- CSRF Validation
- Login Policy
Application Access Tokens can also be managed.
Password Policy
The Password Policy area is used to set up a policy regarding password complexity. The following fields are available to increase or decrease password security:
Option | Description |
Maximum Age | Used to set for how long a set password is valid before it expires and the user has to set a new password. |
History Length | Determines how many entries the system will save to confirm that the entered password has not been used before. |
Minimum Length | Set the minimum length of the password. |
Enforce Numeric | Determines the number of digits that the password must contain. |
Enforce Special Character | Determines the number of special characters a password must contain. The special characters are `~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/?. |
Require initial change | Force the newly created user to change the password upon the first login to the system. |
When the password policy is changed, existing passwords that do not match the new policy are not forced to change. The only setting that affects all existing passwords is the Maximum Age.
The new setting of the Maximum Age will therefore be applied even for existing passwords.
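An added example, not Outpost24 code, showing how the fields in the table combine when a password is set and why only Maximum Age reaches existing passwords. The field names, days as the unit for Maximum Age, and the salted PBKDF2 history entries are assumptions.

```python
import hashlib
import hmac
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

# Special characters as listed in the Password Policy table.
SPECIAL = set("`~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/?")
DIGITS = set(string.digits)


@dataclass
class Policy:                 # field names are assumptions
    max_age_days: int         # Maximum Age (unit assumed: days)
    history_length: int       # History Length
    min_length: int           # Minimum Length
    min_digits: int           # Enforce Numeric
    min_special: int          # Enforce Special Character


def hash_password(password: str, salt: bytes) -> bytes:
    # History is kept as salted hashes, never plaintext (assumed design).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_new_password(policy, password, history):
    """Return the policy violations for a password that is being set.

    history: list of (salt, hash) tuples, newest first.
    """
    problems = []
    if len(password) < policy.min_length:
        problems.append("too short")
    if sum(c in DIGITS for c in password) < policy.min_digits:
        problems.append("not enough digits")
    if sum(c in SPECIAL for c in password) < policy.min_special:
        problems.append("not enough special characters")
    # Only the newest History Length entries are compared.
    for salt, old in history[:policy.history_length]:
        if hmac.compare_digest(hash_password(password, salt), old):
            problems.append("password was used before")
            break
    return problems


def is_expired(policy, last_changed: datetime, now: datetime) -> bool:
    # Maximum Age is the only setting evaluated against existing passwords;
    # the complexity rules run only when a password is set.
    return now - last_changed > timedelta(days=policy.max_age_days)
```
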
Method Enforcing
The Method Enforcing area determines the type of method used for authentication.
Option | Description |
2-Factor Authentication | The available options are:
|
Force SSO For: | Force use of Single Sign On for:
|
CSRF Validation
If enabled, your account is protected against cross-site request forgery attacks. The setting can be disabled because older integrations do not support protection against cross-site request forgery attacks.
Note
Do not disable this unless necessary.
Option | Description |
CSRF Validation | Protects against Cross Site Request Forgery attacks. Only disable for older integrations which do not have support for protection against cross site request forgery attacks. Default value: Enabled |
Login Policy
The Login Policy area is used to grant login access from a specific network range.
Here you can define multiple network ranges from which the users will be allowed to log in. If a user supplies the correct credentials but is not located within the granted range, their access will be denied.
Option | Description |
Grant Login from IP network | Multiple entries separated by a new line can be entered in the following formats:
|
Application Access Tokens
The Application Access Tokens are generated keys that can be used instead of a username/password. The key can be copied and sent in the request as the parameter APPTOKEN using the API.
See Access Tokens for more information.
The Application Access Tokens area lists the applications using access tokens.
Clicking on the + New button will display the Maintaining App Access Token window.
Option | Description |
Active | Checking this box marks the token as active. |
Name | Indicates the name of the application. |
IP Restriction | Restricts the IP address used by the application. |
Access Right | Indicates the type of access right. |
Features (HIAB only)
When the Enable IP Monitor Application is enabled, an application is available in the menu which can be used to determine if a target goes online or offline.
Option | Description |
Enable IP Monitor Application | Check this box if you want to enable IP Monitor Application. Default value: Disabled |
Attributes
In the Attributes tab, you can define up to ten custom attributes which can be used throughout the system. They can also be configured to only allow predefined values.
These attributes become available in the following sections depending on their configuration:
Users
Target
Reports
Scheduling
Discovery
Configure Attributes
To configure a custom attribute:
Go to Main Menu > Settings > Account.
Select Attributes tab.
Right-click any undefined field and click Edit to open the Edit Attribute window.
Provide a name for the column to be added.
Enable Active field.
Configure the attribute according to options described in the Attribute Options table below.
Click Save.
The Active field must be checked to make all the other check-boxes available. The Target field must also be checked to make Reporting available.
Attribute Options table
Option | Description |
Field Name | Specifies the name of the custom attribute. |
Active | If checked the attribute will be active in the system. |
User | Creates a column in Manage Users, which is set when creating or editing a user. |
Target | Creates a column in Manage Targets, which is set when editing a target or labeling a target group. |
Reporting | Creates a column in Manage Targets and the Findings tab in Reporting Tools, which can be set when editing a target or labeling a target group. Only usable if target is selected. |
Scheduling | Creates a column in the Scan Schedules tab in Scan Scheduling, which can be set when creating or editing a scan schedule. |
Vulnerability | Creates a column in the Vulnerability Database, and in the Findings tab in Reporting Tools. This attribute can be set by right-clicking an entry in the Vulnerability Database and choosing Edit Attributes. |
Finding | Creates a column in the Findings tab in Reporting Tools, which can be set by right-clicking an entry in the Findings tab and selecting Edit Attributes. |
Export report | Choose in which section of an exported report the attributes will be presented. User, Target, and Scheduling are not presented in the exported reports.
|
Required | If an attribute field exists for an entity, the attribute field requires a value. |
Field Type | This selects a specific type of input that can be used in the attribute.
|
Acceptable Values | Accepted values for the Combo and Number attributes.
Acceptable Values is only visible if Combo or Number has been selected in Field Type. |
License
In the License tab, the remaining number of scans on the account can be seen, together with the maximum number of targets that can be maintained in the system.
Note the different layout between OUTSCAN and HIAB.
HIAB
OUTSCAN
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.