Oracle SBC Security Guide
Passwords
The SBC provides two levels of user accounts through the Acme Packet Command Line Interface
(ACLI): User and Superuser (the “user” and “admin” accounts). These passwords must be changed
immediately according to appropriate password standards applicable to the customer’s corporate
practices.
Alternatively, the SBC supports the management of passwords via external RADIUS and TACACS+
servers for finer-grained access control. The SBC supports communications with up to six RADIUS servers
for this function. At least two entries should be configured to prevent service interruption.
The SBC encrypts sensitive configuration data in the configuration file using a Protected Configuration
Password (PCP). This administratively configured password provides security and convenience when
migrating configurations to different SBCs. All user passwords should be changed; however, it is
especially important to change the PCP (“config” user password) so passwords and keys stored in the
config file are secure. TLS, IPsec, and HDR features are protected by the PCP:
CAUTION: Once the PCP password is changed, the sensitive information (certificates, IPsec
shared secrets, etc.) in your configuration file will be re-encrypted using the new PCP as the new
encryption “salt.” As a result, previously backed up configuration files cannot be restored unless
the password is restored to the value that configuration file was encrypted with.
Configuration is detailed in Section 2 “Getting Started” of the ACLI Configuration Guide, and Section 4
“System Management” of the Maintenance and Troubleshooting Guide in the subsection entitled “Setting
a Protected Configuration Password: Matching Configurations.”
The SBC provides a backup user for HDR file synchronization whose password must be changed. The backup user
password can be set using the command “secret backup”. The “secret” command is detailed in Section 3
of the ACLI Reference Guide.
The SBC provides one user for administration of legal intercept functions when a Lawful Intercept (“LI”)
license is installed – li-admin. The first time lawful interception is configured, you will be prompted to
change the password. However, if you have installed the license but never configured lawful interception,
the default password may be active and usable via SSH. Procedures to change the password are detailed
in the Net-Net LI Documentation Set.
Boot Flags
Boot parameters specify what information the system uses at boot time when it prepares to run
applications. The boot parameters allow definition of an IP address on the management interface, set the system
prompt, and determine the software load that will be used. In addition, there is a boot flag setting that may
modify the file location to be used, but may also enable additional features. Administrator access to the
command line interface is required to modify the boot flags.
There is seldom a reason to change the boot flag from its default value (0x08). Changes to the boot flags
are usually only needed for hardware testing or recovery, debugging, etc.
A few boot flag values that are disabled by default have security implications. These should only be
enabled at the direction of Oracle technical support.
0x01 – Turns off the hardened interface protection on the media interfaces, allowing all ingress
traffic