Chapter 5 Security

The audit trail is stored in persistent memory and is not corrupted by processor switches, resets or upgrades. However, if a user pulls both TSC cards, the audit trail log is lost.

5.3.1 Audit Trail Log Entries

Audit trail records capture the following activities:

User—Name of the user performing the action

Host—Host from where the activity is logged

Device ID—IP address of the device involved in the activity

Application—Name of the application involved in the activity

Task—Name of the task involved in the activity (View a dialog, apply configuration and so on)

Connection Mode—Telnet, Console, SNMP

Category—Type of change; Hardware, Software, Configuration

Status—Status of the user action (Read, Initial, Successful, Timeout, Failed)

Time—Time of change

Message Type—Denotes if the event is Success/Failure type

Message Details—A description of the change

5.3.2 Audit Trail Capacities

The system is able to store 640 log entries. When this limit is reached, the oldest entries are overwritten with new events. When the log server is 80 percent full, an AUD-LOG-LOW condition is raised and logged (by way of CORBA/CTC).

When the log server reaches a maximum capacity of 640 entries and begins overwriting records that were not archived, an AUD-LOG-LOSS condition is raised and logged. This event indicates that audit trail records have been lost. Until the user off-loads the file, this event occurs only once, regardless of the number of entries that are overwritten by the system. To export the audit trail log, refer to the Cisco ONS 15600 Procedure Guide.
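The capacity rules in this section, modelled as an added example (constructed here, not Cisco code and not part of the manual). It assumes that "full" counts entries not yet off-loaded and that off-loading clears both conditions; the class and function names are hypothetical.

```python
from collections import deque

CAPACITY = 640        # log entries the node can store (figure from the manual)
LOW_FRACTION = 0.80   # AUD-LOG-LOW is raised at 80 percent full


class AuditTrailModel:
    """Constructed model of the capacity rules above; not Cisco code."""

    def __init__(self, capacity=CAPACITY):
        self.capacity = capacity
        self.buffer = deque()        # sequence numbers currently stored
        self.last_seq = 0            # sequence number of the newest entry
        self.archived_upto = 0       # newest sequence number already off-loaded
        self.lost = 0                # unarchived entries overwritten so far
        self.low_raised = False
        self.loss_raised = False
        self.conditions = []         # (condition name, seq that triggered it)

    def unarchived(self):
        return min(len(self.buffer), self.last_seq - self.archived_upto)

    def record(self):
        """Store one audit entry, overwriting the oldest when full."""
        if len(self.buffer) == self.capacity:
            evicted = self.buffer.popleft()
            if evicted > self.archived_upto:     # never exported: real loss
                self.lost += 1
                if not self.loss_raised:         # raised once until off-load
                    self.loss_raised = True
                    self.conditions.append(("AUD-LOG-LOSS", self.last_seq + 1))
        self.last_seq += 1
        self.buffer.append(self.last_seq)
        if not self.low_raised and self.unarchived() >= LOW_FRACTION * self.capacity:
            self.low_raised = True
            self.conditions.append(("AUD-LOG-LOW", self.last_seq))

    def offload(self):
        """Export unarchived entries and reset both conditions (assumption)."""
        exported = [s for s in self.buffer if s > self.archived_upto]
        self.archived_upto = self.last_seq
        self.low_raised = self.loss_raised = False
        return exported


def max_offload_interval_hours(events_per_hour, capacity=CAPACITY):
    """Longest export interval that never overwrites an unarchived entry."""
    return capacity / events_per_hour
```

Because AUD-LOG-LOSS is raised only once per off-load cycle, the condition alone does not reveal how many records were overwritten; the `lost` counter in the model makes that gap visible.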

5.4 RADIUS Security

Users with Superuser security privileges can configure nodes to use Remote Authentication Dial In User Service (RADIUS) authentication. Cisco Systems uses a strategy known as authentication, authorization, and accounting (AAA) for verifying the identity of, granting access to, and tracking the actions of remote users.

5.4.1 RADIUS Authentication

RADIUS is a system of distributed security that secures remote access to networks and network services against unauthorized access. RADIUS comprises three components:

A protocol with a frame format that utilizes User Datagram Protocol (UDP)/IP

A server

Cisco ONS 15600 Reference Manual, R7.2


ONS 15600 specifications

Cisco Systems ONS 15600 is a highly versatile optical networking platform designed to meet the demands of modern telecommunications and data services. This multiservice edge platform supports various transmission mediums and offers a wide array of features that enable efficient data transport. Ideal for service providers and large enterprises, the ONS 15600 is engineered to provide scalable and reliable optical transport solutions.

One of the notable features of the ONS 15600 is its capability to support multiple protocols, including SONET/SDH, Ethernet, OTN, and legacy TDM services. This flexibility allows users to tailor their networks according to specific service requirements while ensuring interoperability with existing infrastructure. The platform is designed to facilitate seamless service migration, accommodating both legacy and next-generation services.

The modular architecture of the ONS 15600 enhances its scalability. It allows for easy expansion by incorporating additional line cards or interface modules without requiring significant downtime. This modularity ensures that service providers can evolve their networks over time, responding to increasing bandwidth demands and new service offerings with ease.

Incorporating advanced technologies, the ONS 15600 employs Dense Wavelength Division Multiplexing (DWDM), significantly increasing the capacity of fiber networks by allowing multiple signals to be transmitted simultaneously over a single optical fiber. This capability helps to optimize fiber utilization and reduce operational costs. In addition, the platform supports Optical Transport Network (OTN) for improved error detection and correction, contributing to higher reliability and performance.

Another key characteristic of the ONS 15600 is its robust management capabilities. The platform can be managed through Cisco's Optical Networking Manager (ONM), providing a centralized interface for network configuration, monitoring, and troubleshooting. This enhances operational efficiency and minimizes downtime, allowing service providers to focus on delivering quality services to their customers.

The ONS 15600 also prioritizes security, offering various features like encryption and access control to safeguard sensitive data during transmission. With its combination of scalability, flexibility, and security, the Cisco ONS 15600 stands out as a reliable choice for organizations looking to enhance their optical networking capabilities while meeting the evolving demands of the digital landscape. Its commitment to quality and performance makes it a cornerstone of modern optical networks.