Security Architecture Authentication And Authorization - Siemens A53685 Installation & Operation Manual

Airlink mars software defined radio (sdr)
2.5 Security Architecture Authentication and Authorization

Authentication is the act of verifying the user is who they claim to be. Authorization is the
process of giving the user permission to access a specific resource or function. Both functions
are handled by the Authentication, Authorization, and Accounting (AAA) server using multi-
factor authentication.
Airlink device authentication uses Extensible Authentication Protocol – Transport Layer Security
(EAP-TLS) with X.509 authentication. Local access to the Airlink base station and remote
device is authenticated by role-based usernames and passwords. Access to a device's memory
is read/write restricted according to roles.
Remote access to these devices is controlled via Airlink NMS and Airlink Apollo using
SNMPv3, SFTP, and SSHv2 with secured authentication. The Airlink NMS and Airlink Apollo (when
accessible remotely) are accessed over HTTPS and authenticated through the AAA server. The Airlink system
authenticates devices before establishing network connections. Certification is handled by the
customer, who may configure the AAA server authentication process. The base station and
remote device use role-based authentication when accessed locally.
There are different levels of authentication within the NMS:
Viewer – can view information about the radio equipment.
Technician – can view, configure, upgrade, and run diagnostics of radio equipment; can acknowledge and clear radio equipment-related events; has no access to radio equipment secured memory or security-related configuration.
Technical Manager – can view, configure, upgrade, and run diagnostics of radio equipment; can acknowledge and clear radio equipment-related events; has local access to radio equipment secured memory or security-related configuration.
Administrator – can edit users and roles.
NMS users can be restricted by geographic regions.
All Airlink network elements (base stations, remote stations, management software) are initially
configured with a default administrator user and password. Upon initial detection of the
administrator, a new password is enforced. No action is available until the password has been
changed. A strong password is enforced, meaning the password is a minimum of eight
characters and has one or more of the following types:
Lower case alphabetic
Upper case alphabetic
Numeric
Special characters (e.g. #, $, @, &)
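The role, region, default-password and strong-password rules above, modeled as an added example for writing access-review test cases (not Siemens code and not part of the manual). The action names, the user dictionaries, the `local` flag and the `min_classes` parameter are assumptions made for illustration; `min_classes=1` follows the manual's "one or more" wording.

```python
import string

# Character types named in the manual's strong-password rule.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "numeric": string.digits,
    "special": string.punctuation,
}

# Action names below are labels invented for this example.
RADIO_OPS = {"view", "configure", "upgrade", "diagnose", "ack_event", "clear_event"}
LOCAL_ONLY = {"secured_memory", "security_config"}
ROLES = {
    "Viewer": {"view"},
    "Technician": RADIO_OPS,
    "Technical Manager": RADIO_OPS | LOCAL_ONLY,
    "Administrator": {"edit_users", "edit_roles"},
}

def password_classes(pw):
    """Return the set of character types present in pw."""
    return {n for n, chars in CLASSES.items() if any(c in chars for c in pw)}

def password_ok(pw, min_classes=1):
    """min_classes=1 is the rule as the manual words it ("one or more")."""
    return len(pw) >= 8 and len(password_classes(pw)) >= min_classes

def authorize(user, action, region=None, local=False):
    """Return (allowed, reason) for one request."""
    if action == "change_password":
        return True, "ok"
    if user["must_change_password"]:
        return False, "default password not changed"
    if user["regions"] is not None and region not in user["regions"]:
        return False, "outside permitted region"
    if action not in ROLES[user["role"]]:
        return False, "role lacks permission"
    if action in LOCAL_ONLY and not local:
        return False, "local access required"
    return True, "ok"

# Constructed sample users.
factory_admin = {"role": "Administrator", "regions": None, "must_change_password": True}
tech_west = {"role": "Technician", "regions": {"west"}, "must_change_password": False}
manager = {"role": "Technical Manager", "regions": None, "must_change_password": False}
```

Under the literal "one or more" reading, an eight-character all-lowercase password passes, so an acceptance test should record how many character types the deployed equipment actually requires.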
COM-00-21-05
Version No.: A
2-9
INTRODUCTION
OCTOBER 2021
