Chapter 2 Managing BTS Users and Commands Using EMS

Adapter and User Security

Security is an important part of the BTS 10200. The BTS 10200 has interfaces to customer premise equipment (CPE) as well as northbound Operations Support System (OSS) interfaces. All of these interfaces are subject to attack. In addition, users who are allowed onto the BTS 10200 can find ways to exploit applications, which can lead to service-affecting situations. Therefore, many precautions are taken to keep the BTS 10200 defenses solid without making the system difficult to manage.

Figure 2-1 BTS 10200 Access and Related Security

[Figure labels: NMS/NOC User Access for OAM&P; OSS Network; User password control and command authorization; Cisco BTS 10200; User authentication and authorization; UNIX services; BTS applications and third-party software (for example Apache and SSH); Solaris kernel and IP stack; Kernel parameter tuning; VoIP Network; Gateway Access for IAD or PSTN]

Adapter and User Security


This section describes requirements that generally involve adapter-level and user-level security. In the BTS 10200, adapters are any external, northbound interfaces of the BTS 10200. However, some extrapolated requirements involve adapter technology based on the current deployment:

Support termination of a session once a provisionable inactivity timeout has occurred. An event report is issued upon each timeout expiry. The inactivity time ranges from 10 to 30 minutes.

Restrict access as “root” to the BTS 10200 in all cases except Cisco TAC and customer “administrator”. This is a broad statement that includes the addition of command-line interface (CLI) commands to help manage the system. In addition, UNIX services are restricted to harden the operating system (OS). The service restriction is listed in the Solaris OS Security and BTShard Package section. Restricting root access is an ongoing process.

Use of “sudo” is acceptable and the formal Sun-built and packaged version is located in /opt/sfw/bin/.
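The inactivity-timeout requirement above can be modeled as follows. This is an added example, not Cisco code or the BTS 10200 implementation; the class, method names and the event type string are hypothetical, and only the 10 to 30 minute range and the one-event-per-expiry rule come from the text.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

MIN_TIMEOUT_MIN, MAX_TIMEOUT_MIN = 10, 30  # range stated in the requirement


@dataclass
class SessionTable:
    """Hypothetical model of adapter sessions with a provisionable idle timeout."""
    timeout_min: int
    clock: Callable[[], float] = time.monotonic        # injectable for testing
    last_seen: dict = field(default_factory=dict)      # session id -> last activity
    events: list = field(default_factory=list)         # issued event reports

    def __post_init__(self):
        # Reject out-of-range provisioning instead of clamping, so a typo
        # cannot silently shorten or effectively disable the timeout.
        if isinstance(self.timeout_min, bool) or not isinstance(self.timeout_min, int):
            raise ValueError("timeout must be a whole number of minutes")
        if not MIN_TIMEOUT_MIN <= self.timeout_min <= MAX_TIMEOUT_MIN:
            raise ValueError("timeout must be 10 to 30 minutes")

    def open(self, sid: str) -> None:
        self.last_seen[sid] = self.clock()

    def activity(self, sid: str) -> bool:
        """Refresh the idle timer; a terminated session cannot be revived."""
        if sid not in self.last_seen:
            return False
        self.last_seen[sid] = self.clock()
        return True

    def sweep(self) -> list:
        """Terminate sessions idle for the full timeout; one event report each."""
        now, limit = self.clock(), self.timeout_min * 60
        expired = [s for s, t in self.last_seen.items() if now - t >= limit]
        for sid in expired:
            idle = int(now - self.last_seen.pop(sid))
            self.events.append({"type": "SESSION_INACTIVITY_TIMEOUT",  # hypothetical name
                                "session": sid, "idle_seconds": idle})
        return expired


if __name__ == "__main__":
    fake_now = [0.0]                                   # constructed clock for the demo
    table = SessionTable(timeout_min=10, clock=lambda: fake_now[0])
    table.open("oss-1")
    fake_now[0] = 600.0
    print(table.sweep(), table.events)
```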

Cisco BTS 10200 Softswitch Operations and Maintenance Guide, Release 6.0.x


OL-16000-07

 

 
