Audit Trail Capacities - Cisco ONS 15454 DWDM Reference Manual

Chapter 13
Security Reference

13.3.2 Audit Trail Capacities

The system is able to store 640 log entries. When this limit is reached, the oldest entries are overwritten
with new events. When the log server is 80 percent full, an AUD-LOG-LOW condition is raised and
logged (by way of Common Object Request Broker Architecture [CORBA]/CTC).

When the log server reaches a maximum capacity of 640 entries and begins overwriting records that were
not archived, an AUD-LOG-LOSS condition is raised and logged. This event indicates that audit trail
records have been lost. Until the user off-loads the file, this event occurs only once regardless of the
number of entries that are overwritten by the system.

13.4 RADIUS Security

Superusers can configure nodes to use Remote Authentication Dial In User Service (RADIUS)
authentication. RADIUS uses a strategy known as authentication, authorization, and accounting (AAA)
for verifying the identity of, granting access to, and tracking the actions of remote users. To configure
RADIUS authentication, refer to the Cisco ONS 15454 DWDM Procedure Guide.

13.4.1 RADIUS Authentication

RADIUS is a system of distributed security that secures remote access to networks and network services
against unauthorized access. RADIUS comprises three components:
• A protocol with a frame format that utilizes User Datagram Protocol (UDP)/IP
• A server
• A client

The server runs on a central computer typically at the customer's site, while the clients reside in the
dial-up access servers and can be distributed throughout the network.

An ONS 15454 node operates as a client of RADIUS. The client is responsible for passing user
information to designated RADIUS servers, and then acting on the response that is returned. RADIUS
servers are responsible for receiving user connection requests, authenticating the user, and returning all
configuration information necessary for the client to deliver service to the user. The RADIUS servers
can act as proxy clients to other kinds of authentication servers. Transactions between the client and
RADIUS server are authenticated through the use of a shared secret, which is never sent over the
network. In addition, any user passwords are sent encrypted between the client and RADIUS server. This
eliminates the possibility that someone snooping on an unsecured network could determine a user's
password.

13.4.2 Shared Secrets

A shared secret is a text string that serves as a password between:
• A RADIUS client and RADIUS server
• A RADIUS client and a RADIUS proxy
• A RADIUS proxy and a RADIUS server
Cisco ONS 15454 DWDM Reference Manual, R8.5