Securing the NSP

Overview

Nokia recommends performing the following steps to achieve station security for the NSP:

See the NSP System Architecture Guide for NSP RHEL OS compliance with CIS Benchmarks. The supported CIS Benchmark best practices are already implemented on NSP RHEL OS images.

TLS communications

Communications of the NSP is secured using TLS. The NSP supports TLS version TLSv1.2.

The NSP supports the use of custom TLS certificates for client communications with NSP applications. Internal communications between NSP components can be secured with the use of a PKI server which can create, sign and distribute certificates. The NSP cluster software package provides a PKI server that can be used to simplify the TLS certificate distribution to NSP components.

A NSP cluster will check the expiry date of TLS certificates every 24h and raise an alarm in the Fault Management application if the certificate is expired or nearing expiry. See the NSP System Administrator Guide for further information.

See the NSP Installation and Upgrade Guide for instructions on the configuration of custom TLS certificates and the provided PKI server application.