Security Management

Security Guidance

System Clock – The system clock is used to time stamp all events recorded in the system log and user audit log. To set the system clock, see “System Clock” on page 10-7.

User Administration – The Broadmore authenticates users by identification and role-based access privilege levels and maintains an audit trail activity log. Only a SuperUser can assign users and access levels, set the minimum number of characters required for user names and passwords (user ID rules), and clear the system log. The security officer must ensure that all users change their passwords periodically in accordance with local security practice.

(1) It is recommended that passwords be changed at least once every 6 months. Users must be instructed to use a random combination of all the usable characters for passwords.

(2) It is recommended that all users, access privileges, and role assignments be reviewed periodically or whenever a personnel termination, transfer, or role change occurs.

Audit Trails – Audit trails must be enabled for FIPS mode.

The cryptographic module provides a system log and user audit log. The audit log (audit.txt) records user actions while the system log (sys.log) records system events and configuration changes.

A SuperUser has access to pSOS shell commands that can overwrite the system and audit log files. This misuse of shell commands to corrupt the audit trail is strictly prohibited and removes the Broadmore from the evaluated configuration. It is recommended that user audit trails be examined periodically in accordance with local security practice to determine if the Broadmore is being accessed by unauthorized users or during nonstandard hours, or if the configuration is being accessed or altered in an inappropriate manner. For example, every third consecutive attempted login failure produces an entry in the system log.
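The periodic review described above can be scripted once the two log files have been copied off the unit. The following is an added example, not code from the manual or from Carrier Access; the `timestamp|user|event` line layout, the event strings, the user list and the standard hours are all assumptions, because this page does not show the format of audit.txt or sys.log.

```python
from datetime import datetime, time

# Constructed sample data. The page does not show the layout of audit.txt or
# sys.log, so the "timestamp|user|event" format below is an assumption.
AUDIT_TXT = """\
2005-03-14 09:12:44|jsmith|LOGIN
2005-03-15 02:41:10|jsmith|LOGIN
2005-03-15 10:05:31|tempuser|LOGIN
not a log line
"""
SYS_LOG = """\
2005-03-15 02:39:55|SYSTEM|LOGIN FAILURE
2005-03-15 02:44:00|SYSTEM|CONFIG CHANGE
2005-03-15 11:00:00|SYSTEM|CONFIG CHANGE
"""

AUTHORIZED = {"jsmith", "admin"}          # hypothetical current user list
DAY_START, DAY_END = time(7), time(19)    # hypothetical standard hours

def parse(text):
    """Yield (datetime, user, event) per well-formed line; skip anything else."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 2)]
        if len(parts) != 3:
            continue
        try:
            yield datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S"), parts[1], parts[2]
        except ValueError:
            continue

def off_hours(ts):
    return not (DAY_START <= ts.time() < DAY_END)

def review(audit_text, sys_text, authorized=AUTHORIZED):
    """Return sorted (timestamp, finding, detail) tuples for the reviewer."""
    findings = []
    for ts, user, _ in parse(audit_text):
        if user not in authorized:
            findings.append((ts, "unauthorized-user", user))
        elif off_hours(ts):
            findings.append((ts, "nonstandard-hours", user))
    for ts, _, event in parse(sys_text):
        # Per the manual, one such entry stands for three consecutive failures.
        if event.upper().startswith("LOGIN FAIL"):
            findings.append((ts, "login-failures", event))
        elif event.upper().startswith("CONFIG") and off_hours(ts):
            findings.append((ts, "off-hours-config-change", event))
    return sorted(findings)
```

Sorting the findings from both logs into one timeline puts a login-failure entry next to any off-hours login or configuration change that follows it, which is the correlation a reviewer is looking for.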

10-4

Broadmore 1750 - Release 4.6

Carrier Access user manual Broadmore 1750 Release