|
Table Of Contents
External Interfaces
May 2, 2007 OL-5327-03This chapter details the extensions provided in the Cisco BTS 10200 Softswitch software to help users manage the UNIX services and security aspects of the Cisco BTS 10200 Softswitch.
Billing Interface
No direct impact is made to the billing application on the Cisco BTS 10200 Softswitch in this release of the security services document.
Operations
This section describes changes to the user interface as a result of the Cisco BTS 10200 Softswitch security services and impacts as to how the Cisco BTS 10200 Softswitch is deployed in lab situations. In addition to changes in the use of the Cisco BTS 10200 Softswitch, the indirect changes to the system (changes that cannot be directly observed) are also documented.
The most significant alteration for this release is that Secure Shell (SSH) is the default method of access to the Cisco BTS 10200 CLI/MAINT interfaces. This is changed from the Telnet interface used prior to this release. The use of SSH is documented in the Cisco BTS 10200 Softswitch Operations, Maintenance and Troubleshooting Guide.
Operator Interface
Additional commands have been added to manage the UNIX services in the Cisco BTS 10200 Softswitch. These commands are available from the CLI/MAINT interface. In addition, these same commands are also available from the CORBA and bulk-provisioning interface. There are no schemas and tables associated with these commands. They directly control the UNIX services. These services are only enabled for the lifetime of the current kernel instance. They are reset to the installed defaults when a kernel reboot is performed.
Table 2-1 describes the system services available using the node command.
User Activity Commands
User activity commands are available to manage the users on the system. The activity timer for user sessions is not part of any schema or table. This is a system configuration token. Table 2-2 describes the Element Management System (EMS) command for idle session timeout.
Caution Altering user activities after the delivery of the Cisco BTS 10200 Softswitch can create security issues in your network.
Alarms
No alarms are changed or added with these security packages.
Measurements
No TMM or SNMP MIB changes are required with these security packages. Security logs and related information are accessed by alternate means for security.
Troubleshooting
There are no impacts to troubleshooting the Cisco BTS 10200 Softswitch as a result of these security packages. However, there are some issues with using SSH to access the system. All users of the system must have this software facility for access to the system. This includes any additional components to allow Windows-based PC software to access the Cisco BTS 10200 Softswitch.
Installation Issues
There are no installation issues associated with these security packages. They are automatically part of the initial installation and install as packages in the system. When the packages are removed, the system is restored to the original defaults. These are handled in the postinstall and postremove scripts in the packages.
Note These security packages are not automatically updated during normal Cisco BTS 10200 Softswitch software upgrade installations. A separate procedure is available for upgrades to these packages.
System Provisioning
Some examples of system provisioning are detailed below. To enable FTP, issue the following command at the CLI/MAINT prompt:
change node id=priems25; service=ftp; enable=Y
To display the present status of the Telnet service, which is either enabled or disabled, use the following command:
show node service=telnet;
Reply example:
Success: UNIX Service telnet is disabled.
To control the use of resources on the system consumed by user sessions, EMS CLI users use the following command:
change session idle-time=10;
Posted: Wed May 2 10:07:18 PDT 2007
All contents are Copyright © 1992--2007 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.