Workflow: manage NE user and device security
Stages
1. Specify the type of authentication keys used on the device; for example, SHA or MD5, as part of the device discovery. See “To commission a device for NFM-P management” in the NSP NFM-P User Guide for more information.
2. Create a MAF for each device; see How do I configure a MAF?.
3. Create filter policies for device CPM modules; see How do I configure a CPM filter?.
4. Create NE DoS protection policies, as required to control the amount of subscriber-based control-plane traffic that the NE interfaces receive; see How do I configure an NE DoS protection policy?.
5. View NE DoS protection violations, as required; see How do I view NE DoS protection violations?.
6. Create NE DDoS protection policies, as required to isolate protocols from each other and isolate subscribers so that attacks or misconfigurations affect only the source SAP or protocol; see How do I configure an NE DDoS protection policy?.
7. Configure NE TLS authentication for client NEs, as required; see How do I configure NE TLS client authentication?.
8. Configure NE TLS authentication for servers, as required; see How do I configure NE TLS server authentication?.
9. Create site user profiles based on job classifications and the access needed to the managed devices; see How do I configure a site user profile?.
10. Create individual site user accounts based on the configured profiles; see How do I configure a user account on a managed device?.
11. Specify password policies for access to managed devices and users; see How do I configure an NE password policy?.
12. Create RADIUS, TACACS+, or LDAP access or security policies for user authentication on the managed device; see How do I configure an LDAP site authentication policy?, How do I configure an NE RADIUS authentication policy?, How do I configure an NE TACACS+ authentication policy?, or How do I configure an OmniSwitch RADIUS, TACACS+, or LDAP security authentication policy?.
13. View or configure the system security settings on managed NEs; see How do I configure device system security settings?.
14. As required, configure X.509 authentication or a PKI certificate authority profile; see How do I configure and manage PKI site security on an NE? or How do I configure a PKI certificate authority profile?.
15. Configure a PKI Enrollment over Secure Transport profile; see How do I configure an Enrollment over Secure Transport profile?.
16. Perform PKI CMPv2 actions, as required, to obtain or assign keys from a CA; see How do I perform CMPv2 actions?.
17. Perform the following NE system security tasks, as required: