Cisco ONS 15454 SDH Reference Manual, R5.0
April 2008
Chapter 9 Security and Timing
9.1.2 Security Policies
9.1.2.2 User Password, Login, and Access Policies
Superusers can view real-time lists of users who are logged into CTC or TL1 by node. Superusers can
also provision the following password, login, and node access policies.
Password expirations and reuse—Superusers can specify when users must change and when they can
reuse their passwords.
Login attempts—Superusers can specify the maximum number of times that users are allowed to
attempt to log into CTC.
Locking out and disabling users—Superusers can provision the number of invalid logins that are
allowed before locking out users and the length of time before inactive users are disabled.
Node access and user sessions—Superusers can limit the number of CTC sessions one user can have,
and they can prohibit access to the ONS 15454 SDH using the LAN or MIC-C/T/P connections.
In addition, a Superuser can select secure shell (SSH) instead of Telnet at the CTC Provisioning >
Security > Access tabs. SSH is a terminal-remote host Internet protocol that uses encrypted links. It
provides authentication and secure communication over unsecure channels. Port 22 is the default
port and cannot be changed.
Note: The superuser cannot modify the privilege level of an active user. The CTC displays a warning message
when the superuser attempts to modify the privilege level of an active user.
9.1.2.3 Audit Trail
Audit trails prove useful for maintaining security, recovering lost transactions, and enforcing
accountability. Accountability refers to tracing user activities; that is, associating a process or action
with a specific user.
The ONS 15454 SDH maintains a 640-entry, human-readable audit trail of user or system actions such
as login, logout, circuit creation or deletion, and user- or system-generated actions. Login events include
authorized Cisco logins using the ONS 15454 SDH TL1 or the CTC graphical user interface. You can
move the log to a local or network drive for later review. The ONS 15454 SDH generates an event to
indicate when the log is 80 percent full, and another event to indicate that the oldest log entries are being
overwritten.
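An added example (not from the Cisco manual) of reviewing an archived audit trail offline: it uses the Date, Num, User, P/F and Operation columns of Table 9-4 to find entries missing between two archives, users with repeated failed logins, and a backlog nearing the 80 percent mark. The tab-separated export layout, the "P"/"F" values, the operation strings, the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter

LOG_CAPACITY = 640    # entries the node retains (from the manual)
WARN_FRACTION = 0.80  # node raises an event when the log is 80 percent full

# Constructed sample, NOT real device output. Assumed tab-separated export
# with the Table 9-4 headings; Date format and Operation strings are invented.
SAMPLE = (
    "Date\tNum\tUser\tP/F\tOperation\n"
    "04/01/08 10:00:01\t101\tadmin1\tP\tlogin\n"
    "04/01/08 10:02:10\t102\toper7\tF\tlogin\n"
    "04/01/08 10:02:15\t103\toper7\tF\tlogin\n"
    "04/01/08 10:05:40\t106\toper7\tF\tlogin\n"
    "04/01/08 10:06:02\t107\toper7\tP\tlogin\n"
    "04/01/08 10:09:30\t108\tadmin1\tP\tcircuit creation\n"
)

def parse_audit(text):
    """Return audit rows as dicts, ordered by the incrementing Num column."""
    rows = list(csv.DictReader(io.StringIO(text), delimiter="\t"))
    for row in rows:
        row["Num"] = int(row["Num"])
    return sorted(rows, key=lambda row: row["Num"])

def review_audit(rows, last_archived_num, max_failed_logins=3):
    """Check one archived export against the previous archive's last Num."""
    if not rows:
        return {"missing_nums": [], "failed_logins": {}, "archive_due": False}
    seen = {row["Num"] for row in rows}
    newest = max(seen)
    # Num increments per action (assumed step of 1), so a value absent between
    # the previous archive and this one is an entry never captured for review.
    missing = [n for n in range(last_archived_num + 1, newest + 1) if n not in seen]
    # P/F == "F" on a login operation: the login action was not executed.
    failures = Counter(r["User"] for r in rows
                       if r["P/F"] == "F" and r["Operation"] == "login")
    flagged = {u: c for u, c in failures.items() if c >= max_failed_logins}
    # Archive before the unarchived backlog reaches the 80 percent mark.
    backlog = newest - last_archived_num
    return {"missing_nums": missing, "failed_logins": flagged,
            "archive_due": backlog >= LOG_CAPACITY * WARN_FRACTION}

if __name__ == "__main__":
    print(review_audit(parse_audit(SAMPLE), last_archived_num=100))
```

Pass the highest Num from the previous archive as `last_archived_num`; a non-empty `missing_nums` means entries were overwritten or lost before they were moved off the node.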
Table 9-4 contains the columns listed in the Audit Trail window.
Table 9-4 Audit Trail Window Columns
Heading    Explanation
Date       Date when the action occurred
Num        Incrementing count of actions
User       User ID that initiated the action
P/F        Pass/Fail (whether or not the action was executed)
Operation  Action that was taken