Chapter 5 Security

5.2.2 Security Policies

Table 5-2

ONS 15600 Security Levels—Network View (continued)

 

 

 

 

 

 

 

 

 

 

CTC Tab

Subtab

Actions

Retrieve

Maintenance

Provisioning

Superuser

 

 

 

 

 

 

 

Provisioning

Security

Users: Create/Delete

X

 

 

 

 

 

 

 

 

 

Users: Change

Same User

Same User

Same User

All Users

 

 

 

 

 

 

 

 

 

Active logins: Logout/Retrieve

X

 

 

Last Activity Time/View

 

 

 

 

 

 

 

 

 

 

 

 

 

Policy: Edit/View

X

 

 

 

 

 

 

 

 

Alarm Profiles

Store/Delete1

X

X

 

 

New/Load/Compare/Available/

X

X

X

X

 

 

Usage

 

 

 

 

 

 

 

 

 

 

 

 

BLSR

Create/Edit/Delete/Upgrade

X

X

 

 

 

 

 

 

 

 

Overhead

Create/Delete/Edit/Merge

X

X

 

Circuits

 

 

 

 

 

 

Search

X

X

X

X

 

 

 

 

 

 

 

 

 

 

Provisionable

Create/Delete

X

X

 

Patchcords (PPC)

 

 

 

 

 

 

 

 

 

 

 

 

 

Server Trails

Create/Edit/Delete

X

X

 

 

 

 

 

 

 

Maintenance

Software

Download/Cancel

X

X

X

 

 

 

 

 

 

 

 

Diagnostics

Retrieve/Clear

X

X

X

X

 

 

 

 

 

 

 

1.The action buttons in the subtab are active for all users, but the actions can be completely performed only by the users assigned with the required security levels.

5.2.2 Security Policies

Users with Superuser security privileges can provision security policies on the ONS 15600. These security policies include idle user timeouts, password changes, password aging, and user lockout parameters.

5.2.2.1 Superuser Privileges for Provisioning Users

Superusers can grant permission to Provisioning users to perform a set of tasks, including retrieving the audit log, restoring a database, clearing performance monitoring (PM) parameters, activating a software load, and reverting a software load. These privileges can only be set using CTC network element (NE) defaults, except the PM clearing privilege, which can be granted using the CTC Provisioning > Security

>Access tabs. For more information about setting up Superuser privileges, refer to the Cisco ONS 15600 Procedure Guide.

5.2.2.2Idle User Timeout

Each ONS 15600 CTC or TL1 user has a specified amount of time to leave the system idle before the CTC window locks. CTC lockouts prevent unauthorized users from making changes. Higher-level users have shorter idle times and lower-level users have longer or unlimited default idle periods, as shown in Table 5-3. Superusers can change user idle times on the Provisioning > Security > Policy tabs.

Cisco ONS 15600 Reference Manual, R7.2

5-5

Page 108 Page 110
Page 109
Image 109
Cisco Systems ONS 15600 manual Security Policies, Superuser Privileges for Provisioning Users, Idle User Timeout
Page 108 Page 110

ONS 15600 specifications

Cisco Systems ONS 15600 is a highly versatile optical networking platform designed to meet the demands of modern telecommunications and data services. This multiservice edge platform supports various transmission mediums and offers a wide array of features that enable efficient data transport. Ideal for service providers and large enterprises, the ONS 15600 is engineered to provide scalable and reliable optical transport solutions.

One of the notable features of the ONS 15600 is its capability to support multiple protocols, including SONET/SDH, Ethernet, OTN, and legacy TDM services. This flexibility allows users to tailor their networks according to specific service requirements while ensuring interoperability with existing infrastructure. The platform is designed to facilitate seamless service migration, accommodating both legacy and next-generation services.

The modular architecture of the ONS 15600 enhances its scalability. It allows for easy expansion by incorporating additional line cards or interface modules without requiring significant downtime. This modularity ensures that service providers can evolve their networks over time, responding to increasing bandwidth demands and new service offerings with ease.

Incorporating advanced technologies, the ONS 15600 employs Dense Wavelength Division Multiplexing (DWDM), significantly increasing the capacity of fiber networks by allowing multiple signals to be transmitted simultaneously over a single optical fiber. This capability helps to optimize fiber utilization and reduce operational costs. In addition, the platform supports Optical Transport Network (OTN) for improved error detection and correction, contributing to higher reliability and performance.

Another key characteristic of the ONS 15600 is its robust management capabilities. The platform can be managed through Cisco's Optical Networking Manager (ONM), providing a centralized interface for network configuration, monitoring, and troubleshooting. This enhances operational efficiency and minimizes downtime, allowing service providers to focus on delivering quality services to their customers.

The ONS 15600 also prioritizes security, offering various features like encryption and access control to safeguard sensitive data during transmission. With its combination of scalability, flexibility, and security, the Cisco ONS 15600 stands out as a reliable choice for organizations looking to enhance their optical networking capabilities while meeting the evolving demands of the digital landscape. Its commitment to quality and performance makes it a cornerstone of modern optical networks.
Top Page Image Contents