Filter
Top Products
2-7
Cisco BTS 10200 Softswitch Operations and Maintenance Guide, Release 6.0.x
OL-16000-07
Chapter 2 Managing BTS Users and Commands Using EMS
Solaris OS Security and BTShard Package
Solaris OS Security and BTShard Package
This section details the security packages for the BTS 10200 OS. These packages are automatically
installed at installation. These packages are derived from both Sun Microsystems security bulletins and
Cisco internal policies for safety of the OS and its applications. All services can be reactivated for the
lifetime of the current kernel instance. All settings are reset on reboot of the kernel. These settings are
contained in the BTShard Solaris package delivered with the BTS 10200.
• Remove unnecessary UNIX systems services. These services are listed below. Management of these
facilities must allow for each service to be enabled or disabled on an individual basis. This service
management must also be accomplished through the BTS 10200 adapter interface.
–
FTP—FTP server is disabled and SFTP (Secure FTP) should be used. This impacts the Bulk
Data Provisioning interface. It does not impact the Billing Bulk Data transfer. The FTP client
code will still be available on the EMS node.
–
Telnet—This terminal protocol is disabled and SSH (Secure Shell) should be used. The telnet
server and client code are still available on the EMS node.
–
Echo—This service is to be disabled. This capability has been replaced with Internet Control
Message Protocol (ICMP) “ping” facilities.
–
Discard—This service is to be disabled.
–
Printer—This service is to be disabled. No printer services are supplied in the BTS 10200
product description.
–
Daytime—This service is to be disabled.
–
Chargen—This service is to be disabled.
–
SMTP—This service is to be disabled.
–
Time—This service is to be disabled.
–
Finger—This service is to be disabled. No network user facilities are required. The BTS 10200
tracks users internally and on a single BTS basis.
–
Sun RPC—This service is to be disabled. This may be enabled in a lab environment for Tooltalk
usage in debugging application programs.
–
Exec—This service is to be disabled.
–
Login—This service is to be disabled.
–
Shell—This service is to be disabled. This may be required for some lab activity; however, there
is no field usage for rlogin, rcp, and rsh facilities.
–
UUCP—This service is to be disabled.
–
NFS—This service is to be disabled.
–
Lockd—This service is to be disabled.
–
X11—This service is available for the near term only.
–
DTSCP—This service is to be disabled.
–
Font-services—This service is to be disabled.
–
HTTP—This service is to be enabled. This is used by the BTS 10200 to offer results of report
generation. This will migrate to HTTPS.