Carrier Access Broadmore 1750 User Manual
Page 248
10-4
Broadmore 1750 - Release 4.6
Security Management
Security Guidance
System Clock – The system clock is used to time stamp all events recorded in the
system log and user audit log. To set the system clock, see “System Clock” on
page
User Administration – The Broadmore authenticates users by identification and
role-based access privilege levels and maintains an audit trail activity log. Only
a SuperUser can assign users and access levels, set the minimum number of
characters required for user names and passwords (user ID rules), and clear the
system log. The security officer must ensure that all users change their passwords
periodically in accordance with local security practice.
(1) It is recommended that passwords be changed at least once every 6 months.
Users must be instructed to use a random combination of all the usable characters
for passwords.
(2) It is recommended that all users, access privileges, and role assignments be
reviewed periodically or whenever a personnel termination, transfer, or role
change occurs.
Audit Trails – Audit trails must be enabled for FIPS mode.
The cryptographic module provides a system log and user audit log. The audit log
(audit.txt) records user actions while the system log (sys.log) records system
events and configuration changes.
A SuperUser has access to pSOS shell commands that can overwrite the system
and audit log files. This misuse of shell commands to corrupt the audit trail is
strictly prohibited and removes the Broadmore from the evaluated configuration.
It is recommended that user audit trails be examined periodically in accordance
with local security practice to determine if the Broadmore is being accessed by
unauthorized users or during nonstandard hours, or if the configuration is being
accessed or altered in an inappropriate manner. For example, every third
consecutive attempted login failure produces an entry in the system log.