Without security, any manager application can access the TL1 NE/NS and perform any operation on any resource, which is not desirable. Confidential data may be accessed by anyone and the NE/NS can easily be misused. Without authentication of the users who access a particular resource or issue a particular command, the NE/NS is at risk of intrusion. Security enables authentication, which helps an administrator prevent unauthorized access to any particular resource.
To prevent the possibility of a deliberate or accidental attack (intrusion) on a TL1 NE, User Security View is implemented in the TL1 Agent Simulator as per the specifications in GR 815 and TR 835.
User Related Security authorizes the establishment of a session (i.e., login) and its continuation until logoff. Before granting a session, the TL1 Agent will validate and authenticate the session requester. In addition, the NE/NS also ensures that the communication path between the NE/NS and the session requester is trusted so that no intruder can enter the channel.
The User-Related Security View contains system access control parameters such as user name, password, password aging, privilege, etc. The NE uses this data to authenticate a user who tries to establish a session with the NE.
The user details and the various privileges associated with the user are entered in the User-Related Security View.
Enabling User-Related Security
Follow the steps given below to enable User Security in TL1 Agent Simulator.
In the TL1 Agent Simulator, select Configure -> Security Configuration. The Configure User Security dialog appears.
Select the option Enable Security. Now, User Security is enabled.
User Related Security Parameters
The following are the user detail parameters that are available in the User Related Security View.
User Name (UID): This parameter contains the name of the user. The User Name can be a maximum of 10 alphanumeric characters.
Password (PID): This parameter contains the password for the corresponding user name. The password is stored in encrypted format. The MD5 algorithm is used for encryption.
User Status (STATE): This parameter determines if the particular user name is functioning i.e. in service (IS) or not functioning i.e. out of service (OS).
Password Aging Time (PAGE): This is the expiry duration for the password. When a user logs in after the PAGE period, he/she is informed of the details of the PCNN and PCND. The user has to change the password before the PCND or the PCNN period. The password aging time is in days. Default value is 60. Range is between 0 to 999 days.
Early warning on imminent password aging (PCND): This is the time period, in number of days after the PAGE, that is allowed for the user to change his password. The unit of PCND is days. Default value is 7. Range is between 0 to 999 days.
Early warning on imminent password aging (PCNN): This is the number of times that a user can log in after the PAGE limit was reached and before which the user has to change his password. Default value is 3. Range is between 0 to 999 times.
Time of Last Log in (LastLoginTimeStamp): This is the last recorded Login time of a user. This time will be displayed every time a user logs in.
Password Obsolescence Interval (POINT): This is the minimum time interval that is required if the user wishes to use a password that was already used. The unit of POINT is days. Please note that POINT has not been implemented in this release. Default value is 180. Range is between 0 to 999 days.
User ID Aging Interval (UOUT): This parameter specifies the aging or expiry interval of a particular User Id. At the end of this interval, the UID is disabled if during this interval it has never been used to setup a session. Default value is 90. Range is between 0 to 999 days.
Channel Identifier List (CID): This is the list of channels (such as TCP, UDP, etc.) through which a particular user has access. Default value is TCP.
User Access Privilege (UAP): This parameter contains information about the access privileges. UAP is alphanumeric. By default the TL1 Simulator takes the UAP value of "priv1".
List of Ports (LSTOI): This is the list of objects or ports (or directory numbers) that a particular user is authorized to access. The user needs to handle this parameter.
Adding User-Related Security Parameter Values
Follow the steps given below to add the values for User Security View parameters. In this chapter we will be taking an example of adding a new user with user name "User1" and password "pswd" to the User Security View.
In the TL1 Agent Simulator, select Configure -> Security Configuration. The Configure User Security dialog appears.
Select the option Enable Security. Now, User Security is enabled.
Click the Add button below the table to add a new entry to the User Security Table. The "Security Settings" dialog box will appear, where you will have to enter the new user details.
Please note that by default PCND is enabled in the TL1 Agent Simulator. This is achieved by giving a negative value to PCNN. However, the user can enable PCNN just by giving any positive value less than 999.
After adding the new entry details click the OK button. The new entry for the User Security View will be added to the table.
Now start the TL1 Agent.
The newly added user (User1) can now authenticate into the TL1 Agent as explained in the Logging in and Logging out section. The User Id to be passed in the AID block will be User1 and the Password will be pswd.
Note: The values of the parameters of an existing user can be modified from this configuration table, or an existing user entry can be deleted from this table.
The new user entries will be stored in the UserSecurity.txt file in encrypted format, in the configuration directory. The entries are also stored in XML format in the SecurityFile.xml file, in the configuration directory.
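The password-aging parameters PAGE, PCND and PCNN described above interact as sketched in the following added example, which is not the simulator's own code. It assumes that PAGE 0 disables aging, that a negative PCNN selects PCND mode as noted above, and that an exhausted grace period denies the login; `AgingPolicy` and `check_login` are hypothetical names.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class AgingPolicy:
    page: int = 60   # PAGE: password aging time in days (default from this page)
    pcnd: int = 7    # PCND: grace days after PAGE (default from this page)
    pcnn: int = -1   # PCNN: grace logins after PAGE; negative selects PCND mode

    def __post_init__(self):
        # This page gives 0..999 as the range for PAGE and PCND and caps PCNN at 999.
        for name in ("page", "pcnd"):
            if not 0 <= getattr(self, name) <= 999:
                raise ValueError(f"{name.upper()} out of range 0..999")
        if self.pcnn > 999:
            raise ValueError("PCNN out of range")


def check_login(policy: AgingPolicy, pw_changed: date, today: date,
                logins_since_expiry: int):
    """Return (decision, remaining) for a login attempted on `today`.

    logins_since_expiry counts earlier logins made after PAGE elapsed.
    remaining is the grace (days or logins) left after this login.
    """
    age = (today - pw_changed).days
    if policy.page == 0 or age <= policy.page:   # assumption: PAGE 0 = no aging
        return ("OK", None)
    if policy.pcnn >= 0:
        # PCNN mode: this login consumes one of the allowed grace logins.
        left = policy.pcnn - logins_since_expiry - 1
    else:
        # PCND mode: grace is measured in days elapsed past PAGE.
        left = policy.pcnd - (age - policy.page)
    if left < 0:
        # Assumption: the page does not say what happens once grace runs out;
        # this sketch denies the login until the password is changed.
        return ("DENY", 0)
    return ("WARN", left)
```
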
Logging in and Logging out is also called Authentication. Follow the steps given below to log in to and log out of the TL1 Agent. Here we will be logging in as the administrator, whose default user name and password are "root" and "public" respectively.
Create a Simulated TL1 Agent for the TCS AcmeMSU.tcs.
Start the Agent at a specified port, say 9099.
Start the TL1 Craft Interface by selecting TL1CraftInterface.bat/sh file.
Load the TCS file implemented in the simulated agent and tl1security.tcs in the TL1CraftInterface using the File -> Load option in the menu bar.
Choose the Session -> Open Session option in the menu bar.
Enter the Host Name and Port Number where the agent is running in the dialog box that appears.
Click Open Session to connect to the TL1 Agent running at port 9099.
Expand the tl1security.tcs tree and select ACT-USER command.
Authenticate into the TL1 Agent by using the Input message "ACT-USER::root:1::public;".
After typing the message, choose Session -> Send Message in the menu bar.
The Agent will send the following response message, which can be viewed in the Response Message Block.
** 1.0 REPT EVT SESSION
"root:NO"
/*NOTICE:This is a private computer system.
Unauthorised access or use may lead to prosecution*/
;
AdvTL1Sim 2003-10-22 16:02:55
M 3 COMPLD
"root:,0"
;
This means that you have successfully authenticated into the TL1 Agent.
You can log out of the TL1 Agent anytime using the CANC-USER command shown below:
CANC-USER::root:2::;
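The ACT-USER input message above carries the PID in clear text, so anything that records TL1 input also records the password. As an added example (not part of the simulator), this sketch redacts the PID before a message is logged and flags use of the default root/public account; `inspect`, `SAMPLE` and the finding labels are hypothetical names.

```python
import re

# Session commands in the shape shown on this page:
#   VERB:TID:UID:CTAG::PID;   (TID is empty in the page's examples)
_SESSION_CMD = re.compile(
    r"^(?P<verb>ACT-USER|CANC-USER):(?P<tid>[^:;]*):(?P<uid>[^:;]*):"
    r"(?P<ctag>[^:;]*):(?P<gen>[^:;]*):(?P<pid>[^;]*);$"
)
DEFAULT_ACCOUNTS = {("root", "public")}   # administrator default named on this page

# The page's two messages plus constructed ones for illustration.
SAMPLE = (
    "ACT-USER::root:1::public;",
    "ACT-USER::User1:3::pswd;",
    "ACT-USER::bad_user_name:4::x;",   # constructed: UID breaks the 10-char alphanumeric rule
    "CANC-USER::root:2::;",
)


def inspect(message):
    """Return (redacted_message, findings) for one TL1 input message."""
    m = _SESSION_CMD.match(message.strip())
    if m is None:
        return message, []                 # not a session command: pass through
    findings = []
    uid, pid = m["uid"], m["pid"]
    if m["verb"] == "ACT-USER":
        if (uid, pid) in DEFAULT_ACCOUNTS:
            findings.append("default-credentials")
        # UID is at most 10 alphanumeric characters per the parameter list.
        if not re.fullmatch(r"[A-Za-z0-9]{1,10}", uid):
            findings.append("uid-violates-format")
    mask = "********" if pid else ""       # fixed width hides the PID length too
    redacted = f'{m["verb"]}:{m["tid"]}:{uid}:{m["ctag"]}:{m["gen"]}:{mask};'
    return redacted, findings
```
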