Chapter 2 Managing BTS Users and Commands Using EMS

Solaris OS Security and BTShard Package

This section describes the security packages for the BTS 10200 OS. The packages are installed automatically during installation. They are derived from both Sun Microsystems security bulletins and Cisco internal policies for the safety of the OS and its applications. Any service can be reactivated, but only for the lifetime of the current kernel instance: all settings are reset when the kernel reboots. These settings are contained in the BTShard Solaris package delivered with the BTS 10200.

Remove unnecessary UNIX system services, which are listed below. Management of these facilities must allow each service to be enabled or disabled individually. This service management must also be accomplished through the BTS 10200 adapter interface.

FTP—FTP server is disabled and SFTP (Secure FTP) should be used. This impacts the Bulk Data Provisioning interface. It does not impact the Billing Bulk Data transfer. The FTP client code will still be available on the EMS node.

Telnet—This terminal protocol is disabled and SSH (Secure Shell) should be used. The telnet server and client code are still available on the EMS node.

Echo—This service is to be disabled. This capability has been replaced with Internet Control Message Protocol (ICMP) “ping” facilities.

Discard—This service is to be disabled.

Printer—This service is to be disabled. No printer services are supplied in the BTS 10200 product description.

Daytime—This service is to be disabled.

Chargen—This service is to be disabled.

SMTP—This service is to be disabled.

Time—This service is to be disabled.

Finger—This service is to be disabled. No network user facilities are required. The BTS 10200 tracks users internally and on a single BTS basis.

Sun RPC—This service is to be disabled. This may be enabled in a lab environment for Tooltalk usage in debugging application programs.

Exec—This service is to be disabled.

Login—This service is to be disabled.

Shell—This service is to be disabled. This may be required for some lab activity; however, there is no field usage for rlogin, rcp, and rsh facilities.

UUCP—This service is to be disabled.

NFS—This service is to be disabled.

Lockd—This service is to be disabled.

X11—This service is available for the near term only.

DTSCP—This service is to be disabled.

Font-services—This service is to be disabled.

HTTP—This service is to be enabled. This is used by the BTS 10200 to offer results of report generation. This will migrate to HTTPS.
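
The following check is an added example, not part of the Cisco manual or the BTShard package: it reports which services from the list above are still active in an inetd.conf-format file. It assumes the classic inetd.conf layout and covers only the listed services that inetd starts; the function names `audit_inetd` and `sample_inetd_conf` and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Cisco's BTShard code): list inetd-launched services that
# are still active although this section says they must be disabled.
# Assumption: classic inetd.conf layout, service name in field 1, '#' = comment.

# inetd service names for the entries in the list above that inetd starts.
DISABLED_SERVICES="ftp telnet echo discard printer daytime chargen time finger exec login shell uucp"

# audit_inetd: reads inetd.conf text on stdin, prints "service/protocol" for
# each active entry on the disabled list. Returns 0 if clean, 1 if any found.
audit_inetd() {
    found=$(awk -v list="$DISABLED_SERVICES" '
        BEGIN { n = split(list, names, " ")
                for (i = 1; i <= n; i++) banned[names[i]] = 1 }
        /^[ \t]*#/     { next }   # commented out: the service is disabled
        NF < 6         { next }   # blank or malformed line
        ($1 in banned) { print $1 "/" $3 }
    ' | sort -u)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample input, not taken from a real BTS 10200 host.
sample_inetd_conf() {
    cat <<'EOF'
# ftp       stream tcp6 nowait root   /usr/sbin/in.ftpd     in.ftpd
telnet      stream tcp6 nowait root   /usr/sbin/in.telnetd  in.telnetd
echo        stream tcp6 nowait root   internal
echo        dgram  udp6 wait   root   internal
#finger     stream tcp6 nowait nobody /usr/sbin/in.fingerd  in.fingerd
example-svc stream tcp  nowait root   /opt/example/svcd     svcd
EOF
}

# With a path argument audit that file, otherwise audit the sample.
if [ $# -gt 0 ]; then
    audit_inetd < "$1"
else
    sample_inetd_conf | audit_inetd || true
fi
```

Because the section states that settings are reset on reboot and that services can be reactivated in between, a check like this is most useful when run periodically rather than once after installation.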

Cisco BTS 10200 Softswitch Operations and Maintenance Guide, Release 6.0.x

 

OL-16000-07
