Configuring Security Services

MCS's security features are enabled by default. However, a secure (HTTPS) connection to the MCS console is required only if you select Require Encryption on the Console Access, Authentication page.

To configure security services for MCS
  1. In the MCS left pane under Services, click Security.

  2. Under Security, click Security Services.

  3. In the MCS right pane, change any settings on the Security Services Configuration page as needed.

    For example, you can change the secure port that was specified during installation and you can enable debug error logging.

    For details on these options, click Help in the upper-right corner of the page.

  4. Click Save.

Limiting Access to Authorized Hosts

To limit access to MCS to specified hosts, you can set options in the text file located in the ../mcs/WEB-INF/data/securitygateway/settings directory.

To limit access to authorized hosts
  1. Open in a text editor and edit the following property:

    • validHost1 — Allows client access only to authorized hosts. This option applies only for clients configured to access hosts via security services.

      By default, MCS security services allows access to any host address and port specified in a client configuration. A destination filter limits access to clients whose target host matches one of the authorized hosts specified in the destination filter.

      Replace the Attachmate-supplied value, *.*.*.*:*, which denotes a connection with any host and port. Use the format IPaddress:port where IPaddress is the IP address of the host (not its domain name), and port is the number of the port on which the host is listening.

      You can use the asterisk character (*) as a wildcard in any position of the IP address and in the port, for example, 149.82.*.*:23 or*

      You cannot use the question mark (?) as a wildcard character.

      You can include comments, indicated by the pound (#) character in the first position of a line.

      If you want to filter multiple hosts, add additional ValidHostx=IPaddress:port properties, where x is a consecutive integer from 2 up, and IPaddress:port is the IP address and port number of the host.

  2. Save and close

Note Before putting MCS into an SSL production environment, you must obtain and install a server site certificate.
Related Topics
Bullet Security Services, Overview
Bullet Obtaining and Installing a Server Certificate
Bullet Authenticating MCS Users