2 ELAP Security Overview

This chapter describes basic security considerations and provides an overview of ELAP security.

2.1 Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it. Consult with your Oracle support team to plan for ELAP software upgrades.
  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.
  • Install software securely. For example, use firewalls, secure protocols such as SSL, and strong passwords.
  • Learn about and use the ELAP security features. See Implementing ELAP Security for more information.
  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the "Critical Patch Updates and Security Alerts" Web site: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

2.2 Overview of ELAP Security

The main functions of the ELAP are:

  • Accept and store data provisioned by the customer from LSMS over the provisioning network
  • Update and reload provisioning data to the EAGLE Service Module cards

The Multi-Purpose Server (MPS) hardware platform supports high-speed provisioning of large databases for the EAGLE. The MPS system is composed of hardware and software components that interact to create a secure and reliable platform.

As shown in Figure 2-1, the MPS supports two types of network address translation (NAT): Port Forwarding and Static Address Mapping. In both cases, the MPS has private IP addresses that are not available outside of the firewall-protected internal network. The firewall translates particular addresses and port numbers to the internal addresses for the MPS.

Figure 2-1 Generic ELAP Deployment Model



Note:

The addresses in Figure 2-1 are examples. Addresses are not restricted to particular classes/ranges. Port assignments are shown in ELAP Firewall Port Assignments.

The ELAP provides two user interfaces (UIs):

  • Text-based UI
  • Graphical UI (GUI)

Before you can use the GUI, you must use the text-based UI to initialize and configure the ELAP software. For information, see ELAP Initialization and First Configuration and ELAP Software Configuration in Administration and LNP Feature Activation Guide.

Note:

After a fresh installation of ELAP, the GUI is accessible via the HTTPS protocol only, which supports encryption of data exchanged between the web server and the browser. For more information, see ELAP Support for HTTPS on GUI in Administration and LNP Feature Activation Guide.

For more information about the overall design and functions of the ELAP, see the ELAP Functional Description in Administration and LNP Feature Activation Guide.

2.3 Root User Is Disabled for SSH Login

The root user can log in through the serial interface for installation of the application. The root user does not have permission to log in as an SSH user.

To log in as an SSH user, use the admusr user that is provided. The admusr user can run all commands; when root permissions are required, sudo can be used along with admusr.
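
One way to verify the restriction described above is to audit the SSH server configuration. This is an added example, not Oracle's or ELAP's own code. It assumes the host runs OpenSSH and that the restriction is expressed with the PermitRootLogin keyword, which this page does not state; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: the host runs OpenSSH and the root restriction
# is expressed with the PermitRootLogin keyword in sshd_config.

# audit_root_login FILE  (hypothetical helper name)
# Prints: disabled | unset | allowed:<value> | match-override
# sshd keeps the first value it reads for a keyword, and every line after a
# "Match" line applies only to matching connections, where it overrides the
# global value. Include directives are not followed here.
audit_root_login() {
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == "" { next }
        { n = split($0, f, /[ \t=]+/); key = tolower(f[1]); val = tolower(f[2]) }
        key == "match" { in_match = 1; next }
        key != "permitrootlogin" || n < 2 { next }
        !in_match && top == "" { top = val }
        # Conservative: any Match-block value other than "no" is flagged.
        in_match && val != "no" { override = 1 }
        END {
            if (top == "") print "unset"            # default depends on version
            else if (top != "no") print "allowed:" top
            else if (override) print "match-override"
            else print "disabled"
        }
    ' "$1"
}

# Succeeds only when root login is explicitly denied everywhere.
root_ssh_login_disabled() {
    [ "$(audit_root_login "$1")" = "disabled" ]
}

# Constructed sample configuration, not taken from an ELAP system.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
echo "sample config: $(audit_root_login "$sample")"
rm -f "$sample"
```

On a live host, the effective server settings can also be printed with `sudo sshd -T` while logged in as admusr. The usual OpenSSH path /etc/ssh/sshd_config is an assumption here, not something this page states.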