Modifying Intercepts; Adding, Modifying And Removing Users; Notification Of Users Being Added Or Deleted; Notification Of Changes In Privilege Levels - Cisco ASR 5000 Administration Manual
Staros release 21.1
Hide thumbs
Also See for ASR 5000:
- Installation manual (294 pages) ,
- Administration manual (159 pages) ,
- Installation procedure (8 pages)
Table of Contents
Advertisement
System Security
If no information related to LI server addresses is received for that subscriber, LI server addresses will not be
restricted.
Important
Important
Modifying Intercepts
One LI administrator can access and/or modify the intercepts created by another LI administrator. Whenever
an intercept is added, removed or modified, an event log is displayed across LI administrators about the change.
An SNMP trap is also generated.
Adding, Modifying and Removing Users
It is considered uncommon for a user to be added or removed from the ASR 5x00. Likewise, it is considered
uncommon for a user's privileges to modified. However, if the system is compromised, it is common for
attackers to add or remove a privileged user, raise their privileges or lower the privileges of others.
As a general rule, lower privileged users should not be allowed to increase their privileges or gain access to
sensitive data, such as passwords, which were entered by higher privileged users.
Important
Notification of Users Being Added or Deleted
Users with low level authorization should not be able to create users with high level authorization. However,
if a malicious actor were to be able to create a high level authorized user, they could then delete the other high
level authorized users, thereby locking them out of the system.
The following SNMP traps notify an administrator when users are added or removed:
• starLocalUserAdded – indicates that a new local user account has been added to the system.
• starLocalUserRemoved – indicates that a local user account has been removed from the system.
Notification of Changes in Privilege Levels
Whenever a user's privilege level is increased or decreased, an SNMP notification will be sent out. A malicious
actor may gain access to more privileged commands by somehow promoting" their privileges. Once this is
A maximum of five LI server addresses are supported via an authenticating agent.
The ability to restrict destination addresses for LI content and event delivery using RADIUS attributes is
supported only for PDSN and HA gateways.
The ASR 5x00 can only detect changes in users and user attributes, such as privilege level, when these
users are configured through the ASR 5x00.
ASR 5000 System Administration Guide, StarOS Release 21.1
Modifying Intercepts
115
Advertisement
Table of Contents
Troubleshooting
