Securing the NSP

Overview

Nokia recommends performing the following steps to achieve station security for the NSP:

See the NSP System Architecture Guide for NSP RHEL OS compliance with CIS Benchmarks. The supported CIS Benchmark best practices are already implemented on NSP RHEL OS images.

TLS communications

Communications of the NSP is secured using TLS. The NSP supports TLS version TLSv1.2.

The NSP supports the use of custom TLS certificates for client communications with NSP applications. Internal communications between NSP components is secured with internal TLS certificates signed by a local PKI server. The NSP cluster software package provides a PKI server that can be used to simplify the TLS certificate distribution to NSP components.

A NSP cluster will check the expiry date of TLS certificates every 24h and raise an alarm in Network Map and Health dashboard if the certificate is expired or nearing expiry. See the NSP System Administrator Guide for further information.

See the NSP Installation and Upgrade Guide for instructions on the configuration of custom TLS certificates and the provided PKI server application.