I’ve got a whole article I’m writing on how to secure a CS1000 (although, not for public distribution), but the fact of the matter is that there are some very simple things that people can do to keep a better watch on what is done in their system. One of the things that can be done is implementing the Audit log.
>ld 22
PT2000REQ prt
TYPE pwd
PWD2PWD
..
.
AUDT YES
SIZE 50
..
.
This combined with the MULTI_USER prompt in LD 17 OVLY data gives you a lot of data about users who enter your system and perform tasks;
REQ prt
TYPE ovlyOVLY
..
.
MULTI_USER ON
The audit log is located in the LD 17 PWD datablock and provides a way of tracking which user account logs in, which interface they connect with and what management overlays they use while logged in.
REQ prt
TYPE audt
LOG TTY #00 11:08 ADMIN2 PWD2 022
You can also modify the TTYLOG prompt on LD 17 ADAN HST and LD 17 ADAN TTY to capture other kinds of information.
The MULTI_USER prompt is very important because setting all users up with individual accounts allows you to perform auditing of what each user does. Restricting all users except the super users (your engineer level users) from accessing LD 17 will also prevent them from modifying your logging settings. A standard Telecom Analyst has no need to access LD 17, although you might give them LD 22 to be able to print any of the configuration information from LD 17.
Follow me on Twitter 