07 mn1783eu11mn 0001 security management
7/28/2019 07 Mn1783eu11mn 0001 Security Management
Security management Siemens
MN1783EU11MN_0001 2002 Siemens AG
Contents
1 Introduction
2 Profile Management
2.1 Sub-Profiles
2.2 Authorization Profiles
2.3 User Profile
3 Preferences
4 Interworking of RC and LMT
5 Exercise
6 Solution
1 Introduction
The security administration includes tasks such as:
Authorization profiles handling:
The Radio Commander offers several default authorization profiles to define access rights for a specific user. There are 36 default authorization profiles for the RC; furthermore, a user with the appropriate security rights, e.g. with authorization profile RCSysAdmin, can define additional authorization profiles.
Subprofiles handling:
Authorization profiles consist of sub-profiles related to BSS, NodeB, RNC and/or RC, including rights for the database access. A subprofile specifies a set of allowed commands. The Radio Commander offers 73 default subprofiles; furthermore, a user with the appropriate security rights, e.g. with the authorization profile RCSysAdmin assigned, can define additional subprofiles.
User profiles handling:
The RC offers a user profile for each user. As well as user names etc., this profile specifies the authorization profile assigned to the user. User profiles may be created, modified and deleted by a user with the appropriate security rights, e.g. with the authorization profile RCSysAdmin assigned.
Depending on the authorization profile assigned to a user, the commands that are not allowed are grayed out and cannot be selected via the GUI. Via the CLI the command will be launched, but returns with an error message.
Users can enable themselves to execute scheduling jobs. For this, their UNIX crontab_file must be modified.
Security settings:
Security settings are information like password expiration time, limits for password length or screen lock behavior. The user with the appropriate security rights (e.g. RCSysAdmin) manages all global settings for all users.
Password dictionary handling:
There is one password dictionary available in the database, which holds all forbidden user passwords. It is not possible to delete a specific password. You can only delete the whole dictionary.
If a password dictionary is imported, the content of this dictionary will be read into the database of the OMP. Only the new passwords will be read into the database; all others will be omitted.
You can also export these passwords into a specified ASCII file.
Before an RC operator can use the system, he/she has to authenticate to the system. This is done by entering a login name and a password on the UNIX level, and, if the passwords are different, a second time at the RC application. A certain operator profile is related to the login name.
Profiles are defined to distinguish permissions of different RC operators. Compared to the OMC-B, the RC allows much more detailed profiles.
Every user can define preferences to customize the RC application panels to his personal liking.
Since BR8.0/UMR4.0 the Radio Commander provides the common platform to manage both technologies on one Radio Commander. Since most of the customers will be using the RC to manage homogeneous single-technology networks (GSM only, or UMTS only), authorization profiles are defined to separate the technologies. The consequence of using the default authorization profiles is that commands not used in the specific technology are disabled (greyed out). There are also default authorization profiles which allow commands for both technologies.
There are two kinds of authorization profiles:
1. One kind provides a sequence of profiles with increasing rights: RCMonitorUser*, RCReadUser*, RCConfUser* and RCSysAdmin*, where RCMonitorUser* has the fewest rights and RCSysAdmin* has the most rights.
* means: _umr, _gsm, or nothing, i.e. in the case of RCMonitorUser, you have:
RCMonitorUser_umr, allowing only UMTS related commands (pure UMTS commands and common commands)
RCMonitorUser_gsm, allowing only GSM related commands (pure GSM commands and common commands)
RCMonitorUser, allowing GSM related commands and UMTS related commands (including the common commands)
2. The other kind is related to the management function and to the technology: RCConfMgmnt*, RCFaultMgmnt*, RCLogMgmnt*, RCSecurityMgmnt*, RCPerfMgmnt*, RCSoftwareMgmnt*, RCTestMgmnt*, RCStateMgmnt* (_umr, _gsm, nothing for both technologies)
Default authorization profiles and their permissions:
RCSysAdmin: can execute all commands on the RC and the PLMN, including the security tasks, e.g. create user profile.
RCConfUser: can execute all RC and PLMN configuration commands, excepting security tasks:
  BSS configuration management
  Performance management
  Fault management
  Test management
  State management
  Software management
  The user profile includes the user rights of the RCReadUser.
RCReadUser: can execute all Get commands from the PLMN:
  BSS configuration management
  Performance management
  Fault management
  Test management
  State management
  Software management
  The RCReadUser also has write access to the Performance management. The user profile includes the user rights of the RCMonitorUser.
RCMonitorUser: can just monitor the PLMN:
  alarm monitoring
  status monitoring
  test management
  The RCMonitorUser is the RC standard user.
RCConfMgmnt: allows execution of all RC and PLMN configuration commands.
RCFaultMgmnt: allows access to the fault management commands for the RC and PLMN.
RCLogMgmnt: allows access to the logging management for RC and PLMN.
RCPerfMgmnt: allows execution of all commands for performance management.
RCSecurityMgmnt: allows execution of all security commands.
RCSoftwareMgmnt: allows access to the software management commands.
RCTestMgmnt: allows execution of the test management commands.
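
The default profile scheme above (technology suffix, tiers that include the rights of the tier below, and single-function profiles) can be modelled as a deny-by-default check. This is an added example, not Siemens code: the area labels, the verb and technology tags, and the reading of alarm and status monitoring as Get access to fault and state are assumptions of the example, and the real RC builds profiles from sub-profiles of allowed commands rather than from this table.

```python
# Added model of the default authorization profiles; not Siemens code.
TIERS = ["RCMonitorUser", "RCReadUser", "RCConfUser", "RCSysAdmin"]  # fewest -> most rights
# The six management areas the page lists for RCReadUser and RCConfUser (labels are assumed).
LISTED = {"configuration", "performance", "fault", "test", "state", "software"}
FUNCTIONAL = {  # function-specific profiles -> the one area each opens
    "RCConfMgmnt": "configuration", "RCFaultMgmnt": "fault", "RCLogMgmnt": "logging",
    "RCSecurityMgmnt": "security", "RCPerfMgmnt": "performance",
    "RCSoftwareMgmnt": "software", "RCTestMgmnt": "test", "RCStateMgmnt": "state",
}
# Technology scope selected by the profile-name suffix; no suffix means both technologies.
SCOPE = {"_umr": {"umts", "common"}, "_gsm": {"gsm", "common"}, "": {"gsm", "umts", "common"}}


def parse_profile(name):
    """Split 'RCReadUser_gsm' into ('RCReadUser', '_gsm')."""
    for suffix in ("_umr", "_gsm"):
        if name.endswith(suffix):
            return name[: -len(suffix)], suffix
    return name, ""


def tier_allows(tier, area, verb):
    """Rights a tier adds on its own, before inheriting from the tiers below it."""
    if tier == "RCSysAdmin":
        return True  # everything, including security tasks
    if tier == "RCConfUser":
        return area in LISTED  # security is not among the listed areas
    if tier == "RCReadUser":
        return area in LISTED and (verb == "get" or area == "performance")
    # RCMonitorUser: alarm and status monitoring (assumed: Get on fault/state) plus test.
    return (area in {"fault", "state"} and verb == "get") or area == "test"


def is_allowed(profile, area, verb, tech):
    """Deny by default: unknown profile names and out-of-scope technologies get False."""
    base, suffix = parse_profile(profile)
    if tech not in SCOPE[suffix]:
        return False
    if base in FUNCTIONAL:
        return area == FUNCTIONAL[base]
    if base not in TIERS:
        return False
    # Each tier includes the rights of every tier below it.
    return any(tier_allows(t, area, verb) for t in TIERS[: TIERS.index(base) + 1])
```

Running the same check on the server side for every CLI request mirrors the behaviour described earlier, where a disallowed command is launched from the CLI but returns an error instead of relying on the GUI greying it out.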
Fig. 1 Example for a user with authorization profile RCSysAdmin_gsm
Fig. 2 Example for a user with authorization profile RCSysAdmin_umr
2 Profile Management
2.1 Sub-Profiles
The RC system administrator can define his own sub-profiles from the Radio Commander Applications panel.
Fig. 3
Fig. 4
Fig. 5
Fig. 6
2.2 Authorization Profiles
Authorization profiles can be managed in a similar way. They depend on sub-profiles:
Fig. 7
Fig. 8
Fig. 9
2.3 User Profile
A user profile is defined based on an authorization profile.
Fig. 10
Fig. 11
Fig. 12
Fig. 13
3 Preferences
Preference settings are made from the RC Applications panel.
Four sub-panels exist for the definition of
General settings
Dialog settings
Panel settings
Alarm settings
In the sub-panel for General settings, selections can be made to determine
whether sound is used,
whether the information of session ID and RC Region is displayed or not, and
the editor which is used in the system.
The Dialog settings offer:
Action Dialog Defaults:
Defines whether default values (Operator defaults) are automatically loaded in Action dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)
Set Dialog Defaults:
Defines whether default values (Current values, System defaults or Operator defaults) are automatically loaded in Set dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)
Create Dialog Defaults:
Defines whether default values (System defaults or Operator defaults) are automatically loaded in Create dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)
Representation of Service Menu:
Enables selection between two different context menu presentation styles: Area or Actions. The setting is also applied to the context menu of open panels and lists as well as the Administration menu in the RC Applications window.
When you select the Area option, the commands are grouped by 'application areas' like Fault Management, Configuration Management, Logging Management or Security Management. The area-specific commands are shown in submenus.
When you select the Actions option, all commands are listed in Create, Delete, Get, Set and Action submenus without further grouping.
Sort Order in Comboboxes:
Defines the sort order of the entries in drop-down lists (Alphabetic or Predefined). The setting is applied to newly opened dialogs. (Default value: Alphabetic)
Sort In Groups:
Defines the parameter sort order within a parameter group, i.e. within a tab of an input dialog (Alphabetic or Predefined). The setting is applied to newly opened dialogs. (Default value: Alphabetic)
Fig. 14
Fig. 15
The Panel settings contain choice boxes for
Help View Activation (Yes activates the textual indication of the state),
Fit Mode (Yes adapts the panel size dynamically to the optimum),
Auto Save operator specific Panel Data to define whether the operator specific panel properties are automatically stored when the panel is closed or not,
Play Sound on state Change.
Finally, the Alarm Settings panel defines the behavior of the system (e.g. the alarm list) in case of new alarm messages:
Display iconified Alarm List as Popup (when a new alarm message is received),
Change Color of Alarm List icon (when a new alarm message is received),
Popup Open Alarm List to Workspace (when a new alarm message is received),
Acoustic Signal (when a new alarm message is received),
Blinked new Alarm (when a new alarm message is received).
Fig. 16
Fig. 17
4 Interworking of RC and LMT
The priorities of access for RC and LMT are defined in the same way as in OBR5.5:
At the BSC, the RC has the higher priority and can block a connected LMT,
at BTSE and TRAU the LMT has the higher priority.
If an LMT is active at the BSC, the RC operator cannot enter all the commands but will receive a message about the LMT.
Fig. 18
Fig. 19
5 Exercise
Exercise 1
Title: Creation of profiles
Pre-requisite: login at RC as RCSysadm
Task
Create a new authorization profile!
Then create a sub-profile based on this authorization profile!
Finally create a user!
Exercise 2
Title: Setting of preferences
Task
Set your own preferences!
Exercise 3
Title: RC-LMT interworking
Pre-requisite: LMT active at BTSE or TRAU and at BSC
Task
Try handling of the RC with a LMT active at BTSE and TRAU!
Try handling of the RC with a LMT active at the BSC! Block and unblock the LMT!
6 Solution
Solution 1
Title: Creation of profiles
Pre-requisite: login at RC as RCSysadm
Task
Create a new authorization profile!
Fig. 20
Then create a sub-profile based on this authorization profile!
Fig. 21
Finally create a user!
Fig. 22
Solution 2
Title: Setting of preferences
Task
Set your own preferences!
Fig. 23
Solution 3
Title: RC-LMT interworking
Pre-requisite: LMT active at BTSE or TRAU and at BSC
Task
Try handling of the RC with a LMT active at BTSE and TRAU!
Try handling of the RC with a LMT active at the BSC!
Block and unblock the LMT!
Fig. 24