The Rhino Element Manager (REM) is a web-based console for monitoring, configuring, and managing a Rhino SLEE. REM provides a graphical user interface (GUI) for many of the management features documented in the Rhino Administration and Deployment Guide. Rhino is an application server that supports the development of telecommunications applications.

Download Rhino Element Manager

Security Notices
For identity and access management with Rhino TAS, follow these guidelines:

We recommend that you adhere to the principle of least privilege when you grant permissions to user accounts.
Least privilege access gives users only the permissions they need to carry out the tasks that they are responsible for.
When you grant permissions in compliance with least privilege, you reduce the potential impact that a compromised account can have on your network.

The first time you use REM, you need to log in with the default administrator account.
To ensure system security, change its password and create user accounts with appropriate permissions.
For details, see Enter username and password.

We recommend that you use centralized LDAP authentication instead of local authentication (locally stored keypairs or passwords).
This means that no appliance stores user authentication information, and only centralized authentication is used.
We recommend that you use multi-factor authentication (MFA) for centralized authentication.

If you use local authentication,
we recommend that you configure user accounts to use SSH keys with passphrases (instead of username/password).
If this is not possible, we recommend you use SSH keys without passphrases instead of passwords.

REM supports LDAP-based authentication; see Appendix G. Using LDAP for authentication for details and setup instructions.

We recommend that you remove user accounts from your system once they are no longer needed,
for example after a user retires or leaves their role.

We recommend that passwords/PINs adhere to the following requirements.
- Use a minimum of eight characters.
- Do not use more than three consecutive repeated characters.
- Do not use common character sequences longer than three characters, for example abcd or 1234.
- Do not use words that are common passwords, for example password or admin.
- Do not use context-specific strings, for example a username, the name of the product, or a phone number.

We recommend that machine-to-machine passwords and other passwords that users do not enter manually adhere to the following requirements.
- Use a minimum of 24 characters.
- Use a mixture of uppercase, lowercase, and numeric characters.
- Do not use more than three consecutive repeated characters.
- Do not use common character sequences longer than three characters, for example abcd or 1234.
- Do not use words that match dictionary attacks for common passwords, for example password or admin.
- Do not use context-specific characters, for example a username, the name of the product, or a phone number.

REM supports both local and centralized authentication.
For local authentication, adhere to these password requirements when you manage local user accounts.
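
The password requirements above can be checked mechanically when local accounts are created or audited. The following Python check is an added example, not part of REM or its documentation; the function names, the two-word deny-list, and the reading of "common character sequences" as ascending or descending runs are assumptions.

```python
import re

# Constructed deny-list; the page names only "password" and "admin" as examples.
COMMON_WORDS = {"password", "admin"}

def has_repeat_run(pw, limit=3):
    """True if any character repeats more than `limit` times in a row."""
    return re.search(r"(.)\1{%d,}" % limit, pw) is not None

def has_sequence(pw, limit=3):
    """True if pw holds an ascending or descending run longer than `limit`
    (abcd, 1234, dcba). Reading "common character sequences" as such runs
    is an assumption of this example."""
    s, run, step = pw.lower(), 1, 0
    for prev, cur in zip(s, s[1:]):
        d = ord(cur) - ord(prev)
        if d in (1, -1) and prev.isalnum() and cur.isalnum():
            run = run + 1 if d == step else 2
            step = d
        else:
            run, step = 1, 0
        if run > limit:
            return True
    return False

def check_password(pw, context=(), machine=False):
    """Return the list of violated rules; an empty list means pw passes.
    `context` holds usernames, product names or phone numbers to reject."""
    problems = []
    minimum = 24 if machine else 8
    if len(pw) < minimum:
        problems.append("shorter than %d characters" % minimum)
    if machine and not all(re.search(p, pw) for p in ("[A-Z]", "[a-z]", "[0-9]")):
        problems.append("needs uppercase, lowercase and numeric characters")
    if has_repeat_run(pw):
        problems.append("more than three repeated characters in a row")
    if has_sequence(pw):
        problems.append("character sequence longer than three characters")
    low = pw.lower()
    if any(word in low for word in COMMON_WORDS):
        problems.append("contains a common password word")
    if any(c and c.lower() in low for c in context):
        problems.append("contains a context-specific string")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ("Tr1ckyRiver!", "aaaa1234", "rem-Admin#7"):
        print(sample, check_password(sample, context=("rem",)))
```

Pass `machine=True` for machine-to-machine credentials to apply the 24-character and mixed-character rules.
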
If you use centralized authentication with LDAP, implement a relevant password policy on the authentication server.

We recommend that all users store their passwords in a secure password manager.
Password managers help users keep track of their different passwords
and allow for more complex passwords that would be difficult to memorize.

For interface management with Rhino TAS, follow these guidelines:

We recommend that you adhere to principles of Zero Trust while designing, commissioning, and modifying your deployment.
Zero Trust includes authenticating and authorizing traffic whenever possible,
giving the least amount of access required to sessions and entities, and assuming that a security breach could originate from anywhere.
A Zero Trust security model helps mitigate the effect of a breach if a device or network is compromised.
For more information on Zero Trust principles, see Zero Trust Model - Modern Security Architecture | Microsoft Security.

This documentation uses the term "Transport Layer Security (TLS) certificates" to refer to X.509 certificates used with the TLS protocol.
Outside of this product’s documentation, you may see TLS certificates referred to as SSL/TLS certificates or just SSL certificates.
These terms are often used interchangeably, even though Secure Sockets Layer (SSL) is a distinct protocol from TLS.

Connections between REM and the Rhino TAS server are encrypted with the TLS protocol.
For additional security, we recommend that you run REM over HTTPS.
For details, see Running REM over HTTPS.

You must establish trust domains around your devices and network
and configure security controls on the trust boundaries such as firewalls, network security groups, and rate limiting,
even when you control the devices on both sides of the boundary.

We recommend that you replace certificates at least once per year, including removing the old certificates from your system.
This is known as rotating certificates.
You might need to rotate your certificates more frequently if they expire after less than one year, or if organizational policies require it.

Product Documentation
- Rhino Element Manager Changelog
- Acknowledgements
- Rhino Element Manager Guide

The Rhino Element Manager Plugin SDK is no longer available.

APIs
- Rhino Element Manager Common API Javadoc
- Rhino Element Manager Services API Javadoc
- Rhino Element Manager Core API Javadoc

Documentation for other versions of the Rhino Element Manager is also available.