Management Security Features, Three Levels of Security – CANOGA PERKINS 9145E10G NID Software Version 1.0 User Manual

Page 14: Three levels of security


9145E10G NID Software User’s Manual

Introduction


1.2 Management Security Features

The 9145E10G has comprehensive management access security features, including SNMPv3
authorization, RADIUS, password formatting, and user access controls. You can set values and
options within the software that will work with the security protocols on your network. The four
network security protocols listed below are supported. In addition, the 9145E10G provides
options to define strong passwords, independent of the security protocols.

SNMPv3 - SNMPv3 provides authentication and encryption of management traffic across a
network.

Remote Access Dial In User Security (RADIUS) - The RADIUS server maintains user
account information. At login, the 9145E10G queries the server, which authenticates the username
and password and sends a message to the 9145E10G to allow the login. The RADIUS
server can also be set up to require additional authentication information before accepting the
user. If the username or password is not valid, the RADIUS server sends a message to the
9145E10G to disallow the login and reject the user.

Secure Shell version 2 (SSH-2) - SSH-2 provides authentication and encryption for a
secure remote Telnet connection. SSH can be configured to provide unique User Accounts.

Secure File Transfer Protocol (SFTP) - SFTP adds encryption to protect uploaded files
during the file transfer process, such as for a software update.

1.3 Three Levels of Security

Most Service Provider management networks provision certain access levels to technicians, network
administrators, and managers. Offering different access levels to critical applications allows
network administrators to keep closer watch on the entire network.

The 9145E10G allows view-based access to be set up for user interface features and SNMP
access. A capabilities file allows views to be defined in an ASCII file and downloaded to the NID.
A three (3) level security system on the 9145E10G controls all user interface and SNMPv3
access.

All 9145E10G features require that the user have a certain access level. The logged-in user or
SNMPv3 manager’s access level is used to validate and control access to the 9145E10G features.
When accessing a menu item or an SNMP object, the user’s access level is checked
against the access level required for the feature. If the user’s access level is sufficient, then the
access is granted. If the user’s access level is not sufficient, an error message is displayed in the
status area, or an SNMP error is returned.

The three access levels are supervisor, operator, and observer.

1. In the default configuration, the supervisor access level is allowed complete access to all
of the 9145E10G’s features including configuring the 9145E10G’s security system.
