Chapter 5 Security

5.3 Audit Trail

Table 5-3

ONS 15600 User Idle Times

 

 

 

Security Level

 

Default Idle Time

 

 

 

Superuser

 

15 minutes

 

 

 

Provisioning

 

30 minutes

 

 

 

Maintenance

 

60 minutes

 

 

 

Retrieve

 

Unlimited

 

 

 

5.2.2.3 Superuser Password and Login Privileges

A Superuser can perform ONS 15600 user creation and management tasks from the network or node (default login) view. In network view, a Superuser can add, edit, or delete users from multiple nodes at one time. In node view, a Superuser can only add, edit, or delete users from that node.

Superuser password and login privilege criteria include:

Privilege level—A Superuser can change the privilege level (such as Maintenance or Provisioning) of a user ID while the user is logged in. The change will become effective the next time the user logs in and will apply to all nodes within the network.

Login visibility—Superusers can view real-time lists of users who are logged into a node (both CTC and TL1 logins) by retrieving a list of logins by node. A Superuser can also log out an active user.

Password expiration and reuse settings—Superusers provision password reuse periods (the number of days before a user can reuse a password) and reuse intervals (the number of passwords a user must generate before reusing a password).

User lockout settings—A Superuser can manually lock out or unlock a user ID.

Invalid login attempts—A Superuser sets the number of invalid login attempts a user can make before the user ID is locked out. Additionally, the Superuser sets the time interval the user ID is locked out after the user reaches the login attempt limit.

Single Session Per User—If the Superuser provisions a user ID to be active for a single occurrence only, concurrent logins with that user ID are not allowed.

5.3Audit Trail

The ONS 15600 maintains a GR-839-compliant audit trail log that resides on the TSC card. This record shows who has accessed the system and what operations were performed during a given period of time. The log includes authorized Cisco logins and logouts using the operating system command line interface (CLI), CTC, and TL1; the log also includes FTP actions, circuit creation/deletion, and user/system generated actions.

Event monitoring is also recorded in the audit log. An event is defined as the change in status of an element within the network. External events, internal events, attribute changes, and software upload/download activities are recorded in the audit trail.

Audit trails are useful for maintaining security, recovering lost transactions and enforcing accountability. Accountability is the ability to trace user activities and is done by associating a process or action with a specific user. To view the audit trail log, refer to the “Manage Alarms” chapter in the Cisco ONS 15600 Procedure Guide. Users can access the audit trail logs from any management interface (CTC, CTM, TL1).

Cisco ONS 15600 Reference Manual, R7.2

5-6

Page 109 Page 111
Page 110
Image 110
Cisco Systems ONS 15600 manual Audit Trail, Superuser Password and Login Privileges, Default Idle Time
Page 109 Page 111

ONS 15600 specifications

Cisco Systems ONS 15600 is a highly versatile optical networking platform designed to meet the demands of modern telecommunications and data services. This multiservice edge platform supports various transmission mediums and offers a wide array of features that enable efficient data transport. Ideal for service providers and large enterprises, the ONS 15600 is engineered to provide scalable and reliable optical transport solutions.

One of the notable features of the ONS 15600 is its capability to support multiple protocols, including SONET/SDH, Ethernet, OTN, and legacy TDM services. This flexibility allows users to tailor their networks according to specific service requirements while ensuring interoperability with existing infrastructure. The platform is designed to facilitate seamless service migration, accommodating both legacy and next-generation services.

The modular architecture of the ONS 15600 enhances its scalability. It allows for easy expansion by incorporating additional line cards or interface modules without requiring significant downtime. This modularity ensures that service providers can evolve their networks over time, responding to increasing bandwidth demands and new service offerings with ease.

Incorporating advanced technologies, the ONS 15600 employs Dense Wavelength Division Multiplexing (DWDM), significantly increasing the capacity of fiber networks by allowing multiple signals to be transmitted simultaneously over a single optical fiber. This capability helps to optimize fiber utilization and reduce operational costs. In addition, the platform supports Optical Transport Network (OTN) for improved error detection and correction, contributing to higher reliability and performance.

Another key characteristic of the ONS 15600 is its robust management capabilities. The platform can be managed through Cisco's Optical Networking Manager (ONM), providing a centralized interface for network configuration, monitoring, and troubleshooting. This enhances operational efficiency and minimizes downtime, allowing service providers to focus on delivering quality services to their customers.

The ONS 15600 also prioritizes security, offering various features like encryption and access control to safeguard sensitive data during transmission. With its combination of scalability, flexibility, and security, the Cisco ONS 15600 stands out as a reliable choice for organizations looking to enhance their optical networking capabilities while meeting the evolving demands of the digital landscape. Its commitment to quality and performance makes it a cornerstone of modern optical networks.
Top Page Image Contents