Sei sulla pagina 1di 44

Security management

Siemens

Security management

Contents
1 2 2.1 2.2 2.3 3 4 5 6 Introduction Profile Management Sub-Profiles Authorization Profiles User Profile Preferences Interworking of RC and LMT Exercise Solution 3 9 10 13 15 17 23 27 35

MN1783EU11MN_0001
2002 Siemens AG

Siemens

Security management

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Introduction

MN1783EU11MN_0001
2002 Siemens AG

Siemens

Security management

The security administration includes tasks, such as:

Authorization profiles handling:


The Radio Commander offers several default authorization profiles to define access rights for a specific user. There are 36 default authorization profiles for the RC; furthermore the user with the appropriate security rights, e.g. with authorization profile RCSysAdmin, can define additional authorization profiles.

Subprofiles handling:
Authorization profiles consist of sub-profiles related to BSS, NodeB, RNC and/or RC including rights for the database access. A subprofile specifies a set of allowed commands. The Radio Commander offers 73 default subprofiles; furthermore the user with the appropriate security rights, e.g. with the authorization profile RCSysAdmin assigned, can define additional subprofiles.

User profiles handling:


The RC offers a user profile for each user. As well as user names etc., this profile specifies the authorization profile assigned to the user. User profiles may be created, modified and deleted by a user with the appropriate security rights, e.g. with the authorization profile RCSysAdmin assigned. Depending on the authorization profile assigned to a user the not allowed commands are grayed out and cannot be selected via the GUI. Via the CLI the command will be launched, but returns with an error message. The users can enable themselves to execute scheduling jobs. Therefore their UNIX crontab_file must be modified.

Security settings:
Security settings are information like password expiration time, limits for password length or screen lock behavior. The user with the appropriate security rights (e.g. RCSysAdmin) manages all global settings for all users.

Password dictionary handling:


There is one password dictionary available in the database, which holds all forbidden user passwords. It is not possible to delete a specific password. You can only delete the whole dictionary. If a password dictionary is imported, the content of this dictionary will be read into the database of the OMP. Thereby only the new passwords will be read into the database all others will be omitted. You can also export these passwords into a specified ASCII file. Before a RC operator can use the system, he/she has to authenticate to the system. This is done by entering a login name and a password on the UNIX level, and - if the passwords are different - a second time at the RC application. Related to the login name is a certain operator profile. Profiles are defined to distinguish permissions of different RC operators. Compared to the OMC-B, the RC allows much more detailed profiles. Every user can define preferences to customize the RC application panels to his personal like.

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

The Radio Commander provides since BR8.0/UMR4.0 the common platform to manage both technologies on one Radio Commander. Since most of the customers will be using the RC to manage homogenous single technology networks (GSM only, or UMTS only) authorization profiles are defined to separate the technologies. The consequence of the using default authorization profiles is to disable (grey out) commands that are not used in the specific technology. There are also default authorization profiles, which allows commands for both technologies. There are two kinds of authorization profiles: 1. One kind providing a sequence of profiles with increasing rights: RCMonitorUser*, RCReadUser*, RCConfUser* and RCSysAdmin*, where RCMonitorUser* has the fewest rights, RCSysAdmin* has the most rights * means: _umr, _gsm, or nothing, i.e. in the case of RCMonitorUser, you have :

RCMonitorUser_umr, allowing only UMTS related commands (pure UMTS


commands and common commands)

RCMonitorUser_gsm, allowing only GSM related commands (pure GSM


commands and common commands)

RCMonitorUser, allowing GSM related commands and UMTS related commands


(including the common commands) 2. the other kind is related to the management function and to the technology: RCConfMgmnt*, RCFaultMgmnt*, RCLogMgmnt*, RCSecurityMgmnt*, RCPerfMgmnt*, RCSoftwareMgmnt*, RCTestMgmnt*, RCStateMgmnt* (_umr, _gsm, nothing for both technologies) Default authorization profiles RCSysAdmin RCConfUser Permissions can execute all commands on the RC and the PLMN, including the security tasks, e.g. create user profile. can execute all RC and PLMN configuration commands, excepting security tasks:

BSS configuration management Performance management Fault management Test management State management

Software management The user profile includes the user rights of the RCReadUser.

MN1783EU11MN_0001
2002 Siemens AG

Siemens

Security management

Default authorization profiles RCReadUser

Permissions can execute all Get commands from the PLMN:

BSS configuration management Performance management Fault management Test management State management

Software management The RCReadUser has also writing access to the Performance management. The user profile includes the user rights of the RCMonitorUser. RCMonitorUser can just monitor the PLMN:

alarm monitoring status monitoring test management


The RCMonitorUser is the RC standard user. RCConfMgmnt RCFaultMgmnt RCLogMgmnt RCPerfMgmnt. RCSecurityMgmnt RCTestMgmnt allows to execute all RC and PLMN configuration commands allows to access the fault management commands for the RC and PLMN. allows access to the logging management for RC and PLMN. allows to execute all commands for performance management. allows execution of all security commands. allows execution of the test management commands

RCSoftwareMgmnt allows access to the software management commands.

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Fig. 1 Example for a user with authorization profile RCSysAdmin_gsm

Fig. 2 Example for a user with authorization profile RCSysAdmin_umr

MN1783EU11MN_0001
2002 Siemens AG

Siemens

Security management

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Profile Management

MN1783EU11MN_0001
2002 Siemens AG

Siemens

Security management

2.1

Sub-Profiles

The RC system administrator can define his own sub-profiles from the Radio Commander Applications panel.

Fig. 3

10

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Fig. 4

Fig. 5

MN1783EU11MN_0001
2002 Siemens AG

11

Siemens

Security management

Fig. 6

12

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

2.2

Authorization Profiles

Authorization profiles can be managed in a similar way. They depend on sub-profiles:

Fig. 7

Fig. 8

MN1783EU11MN_0001
2002 Siemens AG

13

Siemens

Security management

Fig. 9

14

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

2.3

User Profile

A user profile is defined based on an authorization profile.

Fig. 10

Fig. 11

MN1783EU11MN_0001
2002 Siemens AG

15

Siemens

Security management

Fig. 12

Fig. 13

16

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Preferences

MN1783EU11MN_0001
2002 Siemens AG

17

Siemens

Security management

Preference settings are done from the RC Applications panel. Four sub-panels exist for the definition of

General settings Dialog settings Panel settings Alarm settings

In the sub-panel for General settings selections can be made to determine whether

sound is used, whether the information of session ID and RC Region is displayed or not, and the editor which is used in the system.
The Dialog settings offer:

Action Dialog Defaults:


Defines whether default values (Operator defaults) are automatically loaded in Action dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)

Set Dialog Defaults:


Defines whether default values (Current values, System defaults or Operator defaults) are automatically loaded in Set dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)

Create Dialog Defaults:


Defines whether default values (System defaults or Operator defaults) are automatically loaded in Create dialogs or not. The setting is applied to newly opened dialogs. (Default value: No default values)

Representation of Service Menu:


Enables to select between two different context menu presentation styles: Area or Actions. The setting is also applied to the context menu of open panels and lists as well as the Administration menu in the RC Applications window. When you select the Area option, the commands are grouped by 'application areas' like Fault Management, Configuration Management, Logging Management or Security Management. The area-specific commands are shown in submenus. When you select the Actions option, all commands are listed in Create, Delete, Get, Set and Action submenus without further grouping.

Sort Order in Comboboxes:


Defines the sort order of the entries in drop-down lists (Alphabetic or Predefined). The setting is applied to newly opened dialogs. (Default value: Alphabetic)

18

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Sort In Groups:
Defines the parameter sort order within a parameter group, i.e. within a tab of an input dialog (Alphabetic or Predefined). The setting is applied to newly opened dialogs. (Default value: Alphabetic)

Fig. 14

Fig. 15

MN1783EU11MN_0001
2002 Siemens AG

19

Siemens

Security management

The Panel settings contain choice boxes for

Help View Activation (Yes activates the textual indication of the state), Fit Mode (Yes adapts the panel size dynamically to the optimum) Auto Save operator specific Panel Data to define whether the operator specific
panel properties are automatically stored when the panel is closed or not.

Play Sound on state Change


Finally, the Alarm Settings panel defines the behavior of the system (e.g. the alarm list) in case of new alarm messages:

Display iconified Alarm List as Popup (when a new alarm message is received), Change Color of Alarm List icon (when a new alarm message is received), Popup Open Alarm List to Workspace (when a new alarm message is received), Acoustic Signal (when a new alarm message is received), Blinked new Alarm (when a new alarm message is received).

20

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Fig. 16

Fig. 17

MN1783EU11MN_0001
2002 Siemens AG

21

Siemens

Security management

22

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Interworking of RC and LMT

MN1783EU11MN_0001
2002 Siemens AG

23

Siemens

Security management

The priorities of access for RC and LMT are defined in the same way as in OBR5.5:

At the BSC, the RC has the higher priority and can block a connected LMT, at BTSE and TRAU the LMT has the higher priority
If an LMT is active at the BSC, the RC operator cannot enter all the commands but will receive a message about the LMT.

24

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Fig. 18

Fig. 19

MN1783EU11MN_0001
2002 Siemens AG

25

Siemens

Security management

26

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Exercise

MN1783EU11MN_0001
2002 Siemens AG

27

Siemens

Security management

28

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Exercise 1
Title: Pre-requisite: Task
Create a new authorization profile! Then create a sub-profile based on this authorization profile! Finally create a user! Creation of profiles login at RC as RCSysadm

MN1783EU11MN_0001
2002 Siemens AG

29

Siemens

Security management

30

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Exercise 2
Title: Task
Set your own preferences! Setting of preferences

MN1783EU11MN_0001
2002 Siemens AG

31

Siemens

Security management

32

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Exercise 3
Title: Pre-requisite: Task
Try handling of the RC with a LMT active at BTSE and TRAU! Try handling of the RC with a LMT active at the BSC! Block and unblock the LMT! RC-LMT interworking LMT active at BTSE or TRAU and at BSC

MN1783EU11MN_0001
2002 Siemens AG

33

Siemens

Security management

34

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Solution

MN1783EU11MN_0001
2002 Siemens AG

35

Siemens

Security management

36

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Solution 1
Title: Pre-requisite: Task
Create a new authorization profile! Creation of profiles login at RC as RCSysadm

Fig. 20

MN1783EU11MN_0001
2002 Siemens AG

37

Siemens

Security management

Then create a sub-profile based on this authorization profile!

Fig. 21

38

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Finally create a user!

Fig. 22

MN1783EU11MN_0001
2002 Siemens AG

39

Siemens

Security management

40

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Solution 2
Title: Task
Set your own preferences! Setting of preferences

Fig. 23

MN1783EU11MN_0001
2002 Siemens AG

41

Siemens

Security management

42

MN1783EU11MN_0001
2002 Siemens AG

Security management

Siemens

Solution 3
Title: Pre-requisite: Task
Try handling of the RC with a LMT active at BTSE and TRAU! Try handling of the RC with a LMT active at the BSC! Block and unblock the LMT! RC-LMT interworking LMT active at BTSE or TRAU and at BSC

Fig. 24

MN1783EU11MN_0001
2002 Siemens AG

43

Siemens

Security management

44

MN1783EU11MN_0001
2002 Siemens AG

Potrebbero piacerti anche