User Account and Privilege Levels

[ LiB ]

User accounts are an important configuration feature of the sensor. They allow multiple people to access the sensor and perform the daily duties of monitoring log files and tuning signatures. Cisco's IDS lets you create users with different privilege levels to help control what a user can see and do within the system. The IDS 4.0 currently has four primary roles: administrator, operator, viewer, and service account. The following sections discuss these roles in detail.

Administrator Privilege Level

The administrator role has unrestricted viewing and modification access to the CLI interface on the sensor. Here are only some of the privileges available to individuals working with the administrator role:

Add users, assign passwords, and change privilege levels.
Enable and disable interfaces and interface groups.
Assign physical sensing interfaces to interface groups.
Modify the list of trusted hosts allowed to connect to the sensor.
Modify sensor address configuration.
Tune and modify signatures.

Operator Privilege Level

The operators have the second highest privilege level and have unrestricted view access on the sensor. Following is a list of some of the privileges they can perform:

Modify their passwords.
Tune signatures.
Copy IP logs.
Manage routers.

Viewer Privilege Level

The viewer privilege is the lowest privilege level of the lot. Users with this privilege can perform the following tasks on a sensor:

Modify their passwords.
Copy IP logs.

Service Privilege Level

You should only create the service account, as stated in previous chapters, when Cisco technical support requests it. It allows access to the operating system shell and not the CLI interface shell. Only one account at a time can be set to the service level privilege.

Make sure you remember that only one service level account can exist at one time.

[ LiB ]