External Interfaces
July 10, 2007 OL-5327-03
This chapter details the extensions provided in the Cisco BTS 10200 Softswitch software to help users manage the UNIX services and security aspects of the Cisco BTS 10200 Softswitch.
Billing Interface
This release of the security services has no direct impact on the billing application on the Cisco BTS 10200 Softswitch.
Operations
This section describes the changes to the user interface that result from the Cisco BTS 10200 Softswitch security services, and how they affect the deployment of the Cisco BTS 10200 Softswitch in lab situations. In addition to changes in the use of the Cisco BTS 10200 Softswitch, the indirect changes to the system (changes that cannot be directly observed) are also documented.
The most significant alteration for this release is that Secure Shell (SSH) is the default method of access to the Cisco BTS 10200 CLI/MAINT interfaces. This is changed from the Telnet interface used prior to this release. The use of SSH is documented in the Cisco BTS 10200 Softswitch Operations, Maintenance and Troubleshooting Guide.
Operator Interface
Additional commands have been added to manage the UNIX services in the Cisco BTS 10200 Softswitch. These commands are available from the CLI/MAINT interface, and the same commands are also available from the CORBA and bulk-provisioning interfaces. No schemas or tables are associated with these commands; they directly control the UNIX services. A service state set with these commands lasts only for the lifetime of the current kernel instance: the services are reset to the installed defaults when a kernel reboot is performed.
Table 2-1 describes the system services available using the node command.
Table 2-1 Node Command for UNIX Services
| Noun | Verb | Options | Description |
|---|---|---|---|
| Node | Change | SERVICE [Required]. Must be one of the following: FTP, TELNET, ECHO, DISCARD, PRINTER, DAYTIME, CHARGEN, SMTP, TIME, FINGER, SUNRPC, EXEC, LOGIN, SHELL, UUCP, NFS, LOCKD, X11, DTSCP, FONT-SERVICES, HTTP. | Defines the service to change. |
| Node | Change | ENABLE [Required] | A Boolean flag [Y/N] that indicates whether to turn this service on or off. |
| Node | Change | NODE [Required] | The node name in the Cisco BTS 10200 Softswitch where the service is managed. |
| Node | Show | SERVICE [Required]. Must be one of the following: FTP, TELNET, ECHO, DISCARD, PRINTER, DAYTIME, CHARGEN, SMTP, TIME, FINGER, SUNRPC, EXEC, LOGIN, SHELL, UUCP, NFS, LOCKD, X11, DTSCP, FONT-SERVICES, HTTP. | Defines the service to display. |
| Node | Show | NODE [Required] | Defines the node to display for the state of the service. |
User Activity Commands
User activity commands are available to manage the users on the system. The activity timer for user sessions is not part of any schema or table. This is a system configuration token. Table 2-2 describes the Element Management System (EMS) command for idle session timeout.
Table 2-2 EMS Command for Idle Session Timeout
| Noun | Verb | Options | Description |
|---|---|---|---|
| Session | Change | IDLE-SESSION [10-30] | Defines the number of minutes that a user can be idle on the CLI interface prior to being automatically logged off the Cisco BTS 10200 Softswitch. |
Caution: Altering user activities after the delivery of the Cisco BTS 10200 Softswitch can create security issues in your network.
Alarms
No alarms are changed or added with these security packages.
Measurements
No TMM or SNMP MIB changes are required with these security packages. Security logs and related information are accessed by alternate means for security.
Troubleshooting
These security packages have no impact on troubleshooting the Cisco BTS 10200 Softswitch. However, there are some issues with using SSH to access the system. All users of the system must have SSH software to access the system. This includes any additional components needed to allow Windows-based PC software to access the Cisco BTS 10200 Softswitch.
Installation Issues
There are no installation issues associated with these security packages. They are automatically part of the initial installation and install as packages in the system. When the packages are removed, the system is restored to the original defaults. These are handled in the postinstall and postremove scripts in the packages.
Note: These security packages are not automatically updated during normal Cisco BTS 10200 Softswitch software upgrade installations. A separate procedure is available for upgrades to these packages.
System Provisioning
Some examples of system provisioning are detailed below. To enable FTP, issue the following command at the CLI/MAINT prompt:
change node id=priems25; service=ftp; enable=Y
To display the present status of the Telnet service, which is either enabled or disabled, use the following command:
show node service=telnet;
Reply example:
Success: UNIX Service telnet is disabled.
To control the use of resources on the system consumed by user sessions, EMS CLI users use the following command:
change session idle-time=10;
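The following is an added example, not part of the Cisco documentation or software: a small Python audit that parses captured show node replies in the format shown above, reports services that are enabled outside a site-approved set, and builds the matching change node commands to turn them off. The "is enabled." reply wording, the sample replies, and the approved set are assumptions made for illustration.

```python
import re

# Valid SERVICE values, copied from Table 2-1.
SERVICES = ("FTP TELNET ECHO DISCARD PRINTER DAYTIME CHARGEN SMTP TIME FINGER "
            "SUNRPC EXEC LOGIN SHELL UUCP NFS LOCKD X11 DTSCP FONT-SERVICES "
            "HTTP").split()

# The "disabled" form is the page's reply example; the "enabled" form is an
# assumption based on the page stating the status is enabled or disabled.
REPLY_RE = re.compile(r"^Success: UNIX Service (\S+) is (enabled|disabled)\.$")

def parse_replies(lines):
    """Map service name (upper case) to True when the reply says enabled."""
    state = {}
    for line in lines:
        match = REPLY_RE.match(line.strip())
        if match and match.group(1).upper() in SERVICES:
            state[match.group(1).upper()] = match.group(2) == "enabled"
    return state

def audit(state, allowed=frozenset()):
    """Return (drift, unknown): enabled-but-unapproved services, and
    services from Table 2-1 for which no reply was captured."""
    drift = sorted(s for s, on in state.items() if on and s not in allowed)
    unknown = sorted(s for s in SERVICES if s not in state)
    return drift, unknown

def remediation(node, drift):
    """Build change node commands (syntax as in the page's FTP example)
    that turn each drifted service off."""
    return [f"change node id={node}; service={s.lower()}; enable=N"
            for s in drift]

# Constructed sample replies, one per "show node service=...;" query.
SAMPLE = [
    "Success: UNIX Service telnet is disabled.",
    "Success: UNIX Service ftp is enabled.",
    "Success: UNIX Service finger is enabled.",
    "Success: UNIX Service echo is disabled.",
]

if __name__ == "__main__":
    drift, unknown = audit(parse_replies(SAMPLE), allowed={"FTP"})
    print("enabled but not approved:", drift)
    print("not yet queried:", unknown)
    for command in remediation("priems25", drift):
        print(command)
```

Because service states return to the installed defaults at a kernel reboot, a check like this is worth repeating after each reboot.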