.. _example_system_security_services:

########
Services
########

These scenarios show the services limitations when secure mode is enabled. Also it illustrates
how to configure other services that are limited due to this feature.

*********************************************
Insecure communication protocols are disabled
*********************************************

Description
===========

Check insecure protocols (like http, ftp) are disabled

Scenario
========

.. include:: services/insecurecommunicationprotocolsaredisabled

.. raw:: html

  <hr>

***************
Update software
***************

Description
===========

Check only admin users are allowed to update software

Scenario
========

.. include:: services/updatesoftware

.. raw:: html

  <hr>

*****************
Disabled Services
*****************

Description
===========

Verify different services are disabled for both configuration and operation commands

Scenario
========

.. include:: services/disabledservices

.. raw:: html

  <hr>

*******************
New Users Passwords
*******************

Description
===========

New users must meet the password criteria when secure mode is enabled

Scenario
========

.. include:: services/newuserspasswords

.. raw:: html

  <hr>

*****************
Invalid Passwords
*****************

Description
===========

This scenario will output an error message for each invalid password is tried to configured

Scenario
========

.. include:: services/invalidpasswords

.. raw:: html

  <hr>

**************
Syslog Feature
**************

Description
===========

This scenario shows how to configure syslog util with secure mode enabled

Scenario
========

.. include:: services/syslogfeature

.. raw:: html

  <hr>

***************************
SSH Algorithms Restrictions
***************************

Description
===========

These scenario shows the restrictions when trying to configure ssh ciphers or algorithms
considered as invalid when secure mode is enabled, but not when the device is in normal mode.
Despite this example is only for ssh server mode, the functionality for a ssh client
will be the same.

Scenario
========

.. include:: services/sshalgorithmsrestrictions

.. raw:: html

  <hr>

************************
SSH Connections Failures
************************

Description
===========

These scenario illustrates a failed attempt of DUT1 to connect to DUT0 via ssh due to
the selected algorithms or ciphers are considered invalid
when this last device (DUT0) has secure mode enabled.

Scenario
========

.. include:: services/sshconnectionsfailures

.. raw:: html

  <hr>

*****************************
IPSEC Algorithms Restrictions
*****************************

Description
===========

These scenario shows the restrictions related to ipsec ciphers and authentications
methods when secure mode is enabled

Scenario
========

.. include:: services/ipsecalgorithmsrestrictions

.. raw:: html

  <hr>

****************************
IPSEC Invalid Configurations
****************************

Description
===========

These scenario shows which configurations in ``vpn ipsec`` are considered
as invalid when secure mode is enabled

Scenario
========

.. include:: services/ipsecinvalidconfigurations

.. raw:: html

  <hr>