Cisco Packet Data Interworking Function (PDIF)
System Security
ASR 5000 System Administration Guide, StarOS Release 16
Adding, Modifying and Removing Users
It is considered uncommon for a user to be added to or removed from the ASR 5x00. Likewise, it is considered uncommon
for a user's privileges to be modified. However, if the system is compromised, it is common for attackers to add or remove
a privileged user, raise their privileges or lower the privileges of others.
As a general rule, lower privileged users should not be allowed to increase their privileges or gain access to sensitive
data, such as passwords, which were entered by higher privileged users.
Important:
The ASR 5x00 can only detect changes in users and user attributes, such as privilege level, when
these users are configured through the ASR 5x00.
Notification of Users Being Added or Deleted
Users with low level authorization should not be able to create users with high level authorization. However, if a
malicious actor were to be able to create a high level authorized user, they could then delete the other high level
authorized users, thereby locking them out of the system.
The following SNMP traps notify an administrator when users are added or removed:
starLocalUserAdded – indicates that a new local user account has been added to the system.
starLocalUserRemoved – indicates that a local user account has been removed from the system.
Notification of Changes in Privilege Levels
Whenever a user's privilege level is increased or decreased, an SNMP notification will be sent out. A malicious actor
may gain access to more privileged commands by somehow “promoting” their privileges. Once this is done, they could
then “demote” the privileges of all the other users, thereby locking the proper administrators out of the system.
The starLocalUserPrivilegeChanged trap indicates that a local user's privilege level has been changed.
User Access to Operating System Shell
The starOsShellAccessed trap indicates that a user has accessed the operating system shell.
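The following is an added example, not part of the Cisco guide or of StarOS: a small trap-triage routine that correlates the four traps named above to flag the lockout pattern described under "Notification of Users Being Added or Deleted" and "Notification of Changes in Privilege Levels". The flat "time trap user=account" line layout, the account names and the 10-minute window are assumptions made for illustration; real trap varbinds are defined by the platform MIB.

```python
from datetime import datetime, timedelta

ADDED = "starLocalUserAdded"
REMOVED = "starLocalUserRemoved"
PRIV = "starLocalUserPrivilegeChanged"
SHELL = "starOsShellAccessed"
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per site

# Constructed sample: "<ISO time> <trap name> user=<account>". This flat layout
# is an assumed normalization of received traps, not the real trap payload.
SAMPLE = """\
2024-05-01T02:10:00 starLocalUserAdded user=svc-backup
2024-05-01T02:11:30 starLocalUserPrivilegeChanged user=svc-backup
2024-05-01T02:12:10 starLocalUserPrivilegeChanged user=admin1
2024-05-01T02:12:40 starLocalUserRemoved user=admin2
2024-05-01T02:13:05 starOsShellAccessed user=svc-backup
2024-05-03T09:00:00 starLocalUserAdded user=newhire
"""

def parse(line):
    ts, trap, field = line.split()
    return datetime.fromisoformat(ts), trap, field.partition("=")[2]

def triage(text):
    """Return (time, severity, message) for each trap, oldest first."""
    alerts, recent = [], []
    for ts, trap, user in sorted(parse(l) for l in text.splitlines() if l.strip()):
        if trap == SHELL:
            alerts.append((ts, "HIGH", f"OS shell accessed by {user}"))
            continue
        if trap not in (ADDED, REMOVED, PRIV):
            continue
        recent = [e for e in recent if ts - e[0] <= WINDOW]
        # Lockout pattern from the guide: one account is created or has its
        # privilege changed, then OTHER accounts are removed or changed.
        gained = sorted({u for _, t, u in recent if t in (ADDED, PRIV) and u != user})
        if trap in (REMOVED, PRIV) and gained:
            alerts.append((ts, "CRITICAL",
                           f"{trap} on {user} shortly after changes to {', '.join(gained)}"))
        else:
            alerts.append((ts, "MEDIUM", f"uncommon account change: {trap} on {user}"))
        recent.append((ts, trap, user))
    return alerts

if __name__ == "__main__":
    for ts, sev, msg in triage(SAMPLE):
        print(ts.isoformat(), sev, msg)
```

Because the guide treats any user addition, removal or privilege change as uncommon, every account trap produces at least a MEDIUM alert; only the multi-account burst is escalated.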