Workflow: manage NE user and device security

Stages
 

1. Specify the type of authentication keys used on the device, for example, SHA or MD5, as part of device discovery. See “To commission a device for NFM-P management” in the NSP NFM-P User Guide for more information.


2. Create a MAF for each device; see How do I configure a MAF?.


3. Create filter policies for device CPM modules; see How do I configure a CPM filter?.


4. Create NE DoS protection policies, as required to control the amount of subscriber-based control-plane traffic that the NE interfaces receive; see How do I configure an NE DoS protection policy?.


5. View NE DoS protection violations, as required; see How do I view NE DoS protection violations?.


6. Create NE DDoS protection policies, as required to isolate protocols from each other and isolate subscribers so that attacks or misconfigurations affect only the source SAP or protocol; see How do I configure an NE DDoS protection policy?.


7. Configure NE TLS authentication for client NEs, as required; see How do I configure NE TLS client authentication?.


8. Configure NE TLS authentication for servers, as required; see How do I configure NE TLS server authentication?.


9. Create site user profiles based on job classifications and the access needed to the managed devices; see How do I configure a site user profile?.


10. Create individual site user accounts based on the configured profiles; see How do I configure a user account on a managed device?.


11. Specify password policies for access to managed devices and users; see How do I configure an NE password policy?.


12. Create RADIUS, TACACS+, or LDAP access or security policies for user authentication on the managed device; see How do I configure an LDAP site authentication policy?, How do I configure an NE RADIUS authentication policy?, How do I configure an NE TACACS+ authentication policy?, or How do I configure an OmniSwitch RADIUS, TACACS+, or LDAP security authentication policy?.


13. View or configure the system security settings on managed NEs; see How do I configure device system security settings?.


14. As required, configure X.509 authentication or a PKI certificate authority profile; see How do I configure and manage PKI site security on an NE? or How do I configure a PKI certificate authority profile?.


15. Configure a PKI Enrollment over Secure Transport profile; see How do I configure an Enrollment over Secure Transport profile?.


16. Perform PKI CMPv2 actions, as required, to obtain or assign keys from a CA; see How do I perform CMPv2 actions?.


17. Perform the following NE system security tasks, as required:

  1. Delete security policies; see How do I delete a security policy?.

  2. Unlock user accounts that are locked due to failed login attempts; see How do I manually unlock a user account?.

  3. Clear the password history for a user on a managed object; see How do I clear the password history of a user on a managed device?.

  4. Perform CMPv2 certificate administration actions; see How do I perform CMPv2 actions?.

  5. Clear collected statistics information on a CPM filter; see How do I clear collected statistics on a CPM filter?.

  6. Clear OCSP cache entries on an NE; see How do I manage OCSP cache entries on an NE?.