2 management security features, 3 three levels of security – CANOGA PERKINS 9145ELB NID Software Version 4.01 User Manual


9145ELB NID Software User’s Manual

Introduction


1.2 Management Security Features

The 9145ELB has comprehensive management access security features, including SNMPv3
authorization, RADIUS, password formatting, and user access controls. You can set values and
options within the software that will work with the security protocols on your network. The four
network security protocols listed below are supported. In addition, the 9145ELB provides options
to define strong passwords, independent of the security protocols.

SNMPv3: Provides authentication and encryption of management traffic across a network.

Remote Access Dial In User Security (RADIUS): The RADIUS server maintains user account
information. At login, the 9145ELB queries the server, which authenticates the username and
password and sends a message to the 9145ELB to allow the login. The RADIUS server can also
be set up to require additional authentication information before accepting the user. If the
username or password is not valid, the RADIUS server sends a message to the 9145ELB to
disallow the login and reject the user.

Secure Shell version 2 (SSH-2): SSH-2 provides authentication and encryption for a secure
remote Telnet connection. SSH can be configured to provide unique User Accounts.

Secure File Transfer Protocol (SFTP): SFTP adds encryption to protect uploaded files during
the file transfer process, such as for a software update.
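The RADIUS login exchange described above, sketched per RFC 2865 as an added example (it is not code from this manual or from the 9145ELB software), with the NID in the client role. The shared secret, account, and function names are constructed for illustration, and the packets are passed between functions rather than sent over UDP.

```python
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                         # RFC 2865 attribute types
# Constructed sample values: shared secret and the server's account table.
SECRET, ACCOUNTS = b"constructed-shared-secret", {b"noc-admin": b"Constructed#Pass1"}

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR 16-byte blocks with a chained MD5 keystream."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: undo hide_password and strip the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, username, password, secret):
    """Client (NID) side: Access-Request with User-Name and hidden User-Password."""
    auth = os.urandom(16)  # Request Authenticator, fresh for every request
    attrs = b""
    for atype, value in ((USER_NAME, username), (USER_PASSWORD, hide_password(password, secret, auth))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_reply(request, secret, accounts):
    """Server side: check the credentials and answer Access-Accept or Access-Reject."""
    auth, attrs, pos = request[4:20], {}, 20
    while pos + 2 <= len(request) and request[pos + 1] >= 2:  # type, length, value
        attrs[request[pos]] = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    password = reveal_password(attrs.get(USER_PASSWORD, b""), secret, auth)
    user = attrs.get(USER_NAME, b"")
    ok = user in accounts and hmac.compare_digest(accounts[user], password)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, request[1], 20)
    return header + hashlib.md5(header + auth + secret).digest()  # Response Authenticator

def login_allowed(reply, request, secret):
    """Client side: accept the reply only if its authenticator verifies, then require Accept."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    genuine = reply[1] == request[1] and hmac.compare_digest(expected, reply[4:20])
    return genuine and reply[0] == ACCESS_ACCEPT
```

The Response Authenticator check in `login_allowed` is what ties an Access-Accept to the shared secret and to the specific request, so a reply that fails it is treated the same as a reject.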

1.3 Three Levels of Security

Most Service Provider management networks allow different access levels to various types of
employees (e.g., field technicians will have restricted access to some configuration parameters,
while NOC administrators typically have full access to all parameters). Offering tiered
management access to network elements allows Service Providers to protect their network
against unauthorized access and misconfigurations.

The 9145ELB allows view-based access to be set up for user interface features and SNMP
access. A capabilities file allows views to be defined in an ASCII file and downloaded to the NID.
A three-level security system on the 9145ELB controls all user interface and SNMPv3 access.

All 9145ELB features require that the user have a certain access level. The access level of the
logged-in user or SNMPv3 manager is used to validate and control access to the 9145ELB
features. When accessing a menu item or an SNMP object, the user’s access level is checked
against the access level required for the feature. If the user’s access level is sufficient, then the
access is granted. If the user’s access level is not sufficient, an error message is displayed in the
status area, or an SNMP error is returned.

The three access levels are supervisor, operator, and observer.

In the default configuration, the supervisor access level is allowed complete access to all
9145ELB features including configuring the security system.

The operator access level is allowed access to the 9145ELB features except those relating
to the 9145ELB’s security system. This level can be configured by the administrator.

The observer access level is allowed access to the 9145ELB features that do not modify
the 9145ELB’s configuration. This level can be configured by the administrator.
