• Topic ID: id_13106161
  • Version: 2.5
  • Date: Jul 5, 2019 11:18:59 PM

Customer password management process

This document describes how to manage the root password for customers who want to improve the security level of their system. It also explains how to generate a more robust password to reduce the security risk that simple passwords present.

Figure 1. Process overview

Customer consultation

When the customer or GE initiates this process, the GE FE is to coordinate a customer consultation to discuss password provisions. As a result of that meeting, the following process (Sections 2 through 5) must be followed to complete the password change accurately.

note: Many systems can enable NIS (Network Information Service), a feature that uses a central server to authenticate logins. This means passwords for some accounts are managed by the customer in their database and not on the product itself. If NIS is enabled, some passwords may still be changed; however, this requires additional technical conversations with the customer, so online engineers should be included in these situations.

Identify new password(s)

The customer may request specific passwords. If this is the case, get the passwords from the customer and move on to Change device password(s).

If a new password is to be created, the FE should do so in the following ways:

  • If required, use customer rules and guidelines for password creation.
  • If the customer does not have a defined set of rules or guidelines, use the following guidelines to develop a strong password:
    • Must be 8 characters minimum.
    • Cannot be blank or left as the default.
    • Should contain a mix of numbers, alpha, and special characters.
    • Must not be made up solely of dictionary words.
    • May contain the system ID with at least 1 more character.
    • Should not be the same value at different sites.
note:

Each account on a single system should have a unique password. For example, the "root" and "insite" accounts should have different password values from each other. Using the same password for multiple accounts on a system will remove role-based access and decrease the level of security on a system.

For productivity, the same password value for a single account can be used on multiple systems at a site or customer. For example, the "insite" user could have the same non-default password value on 3 different systems in a hospital. However, make sure not to use the same value over multiple sites or across a region, because that would essentially duplicate the original default value problem this service note attempts to resolve.

Good password examples    Bad password examples
!414555MR5                414555MR5
4$42CTAW                  operator
#big996622LS16            123456789a
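
The guidelines above can be turned into a mechanical check. The following is an added example, not part of the original service document: the function names, the small word list and the choice of 414555MR5 as the system ID are assumptions made for illustration, the "should" guidelines are reported as violations alongside the "must" ones, and the rule about different sites is not covered because it cannot be checked from a single password.

```python
import string

# Constructed word list for the example; a real check would use a full dictionary.
WORDS = frozenset({"operator", "service", "password", "hospital", "scanner"})


def only_dictionary_words(pw, words=WORDS):
    """True if pw (case-insensitive) is one or more words from `words` back to back."""
    s = pw.lower()
    reachable = [True] + [False] * len(s)   # reachable[i]: s[:i] splits into words
    for end in range(1, len(s) + 1):
        reachable[end] = any(
            reachable[start] and s[start:end] in words for start in range(end)
        )
    return bool(s) and reachable[len(s)]


def check_password(pw, system_id, defaults=frozenset()):
    """Return the list of guideline violations (empty list means acceptable)."""
    if not pw:
        return ["blank"]
    problems = []
    if pw in defaults:                       # caller supplies the known default values
        problems.append("default value")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c.isalpha() for c in pw):
        problems.append("no letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    if only_dictionary_words(pw):
        problems.append("dictionary words only")
    if pw == system_id:                      # system ID needs at least 1 more character
        problems.append("system ID with no extra character")
    return problems


if __name__ == "__main__":
    SYSTEM_ID = "414555MR5"  # assumption: the ID embedded in the page's examples
    for sample in ["!414555MR5", "4$42CTAW", "#big996622LS16",
                   "414555MR5", "operator", "123456789a"]:
        print(f"{sample!r:18} {check_password(sample, SYSTEM_ID) or 'OK'}")
```
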

Change device password(s)

After the password is identified, the FE should make the password changes on the device following the detailed instructions for either the LINUX Operating System (For linux operating systems) or the IRIX Operating System (For IRIX operating systems).

For linux operating systems

For root owner level

  1. Open a Shell
    1. Login as root owner
    2. Type: su<Enter>
    3. Type: root password<Enter>
      note: It is possible that the customer changed the default password. If you cannot log in, contact the customer for the correct password.
    4. Type: passwd<Enter>
      1. New LINUX account password: Password Identified in Section 2<Enter>
      2. Retype new LINUX account password: Password Identified in Section 2<Enter>
  2. Type: exit<Enter> (To exit root level)
  3. Type: exit<Enter> (To close the shell)
  4. Continue to change sdc or signa password or proceed to Update Password(s) in Connectivity Database.

For sdc or signa owner level

  1. Open a Shell

    1. Login as sdc or signa
    2. Type: sdc or signa<Enter>
    3. Type: sdc/signa password<Enter>
    4. Type: passwd<Enter>
      1. New LINUX account password: Password Identified in Section 2<Enter>
      2. Retype new LINUX account password: Password Identified in Section 2<Enter>
  2. Type: exit<Enter> (To exit sdc or signa level)
  3. Type: exit<Enter> (To close the shell)
  4. Proceed to Update Password(s) in Connectivity Database. (Or continue to change insite password)

For insite owner level

  1. Open a Shell and Login as insite:
    1. Type: insite<Enter>
    2. Type: insite password<Enter>
    3. Type: passwd<Enter>
      1. New LINUX account password: Password Identified in Section 2<Enter>
      2. Retype new LINUX account password: Password Identified in Section 2<Enter>
  2. Type: exit<Enter> (To exit insite level)
  3. Type: exit<Enter> (To close the shell)
  4. Proceed to Update Password(s) in Connectivity Database.

For IRIX operating systems

note: All password changes for all users must be made from root level.

Open a Shell and login as root owner:

  1. Type: su<Enter>
  2. Type: current root password<Enter>
  • For sdc or signa Owner Level:
    1. Type: passwd sdc<Enter> or passwd signa<Enter>
      1. Type the new IRIX account password: Password Identified in Section 2<Enter>
      2. Retype new IRIX account password: Password Identified in Section 2<Enter>
    2. Type: exit<Enter> (To exit root level)
    3. Type: exit<Enter> (To close the shell)
    4. Continue to change root password or proceed to Update Password(s) in Connectivity Database.
  • For root Owner Level:

    1. Type: passwd<Enter>
      1. Type the new IRIX account password: Password Identified in Section 2<Enter>
      2. Retype new IRIX account password: Password Identified in Section 2<Enter>
    2. Type: exit<Enter> (To exit root level)
    3. Type: exit<Enter> (To close the shell)
    4. Continue to change insite password or proceed to Update Password(s) in Connectivity Database.
  • For insite Owner Level:
    1. Type: passwd insite<Enter>
      1. Type the new IRIX account password: Password Identified in Section 2<Enter>
      2. Retype new IRIX account password: Password Identified in Section 2<Enter>
    2. Type: exit<Enter> (To exit root level)
    3. Type: exit<Enter> (To close the shell)
    4. Proceed to Update Password(s) in Connectivity Database.

Update Password(s) in Connectivity Database

To check out the system password, follow this procedure:

  1. To re-checkout the system password, select the most appropriate procedure for your region:
    Region | Contact Info
    AMERICAS (US, Canada and LatAm) | USCAN toll-free Connectivity Support/Checkout direct number: 877-842-1132
    EU and EMEA | Connectivity Support (OLC support line): +33 1 30 83 13 00. Then select from menu: Connectivity, and Broadband & checkout.
    APAC | Japan - Connectivity Support: 0120-596-919. ROA – contact OLE or connectivity champion for re-checkout for that area.
    China | You can reach at 800-810-8188 /400 812-8188 to get either connectivity team support on connectivity issue or OLE for system checkout/re-checkout.
    India | You can reach at 1800 102 7750 (India Call Center) ext 4 for support or for system checkout/re-checkout.
  2. Inform the technician you are making password changes. Provide the System ID, and ask them to do a checkout with all the new password values.
  3. The checkout technician will verify the system ID and new password values. To reduce miscommunication when reading the password aloud, consider using the phonetic alphabet shown in Table 1.
  4. The technician will run a checkout and password verification procedure to update the password(s) and inform you when the process is complete.
Table 1. Phonetic alphabet
A - Alpha      B - Bravo      C - Charlie    D - Delta
E - Echo       F - Foxtrot    G - Golf       H - Hotel
I - India      J - Juliet     K - Kilo       L - Lima
M - Mike       N - November   O - Oscar      P - Peter
Q - Quebec     R - Robert     S - Sierra     T - Tango
U - Umbrella   V - Victor     W - Whiskey    X - X-Ray
Y - Yankee     Z - Zulu

Communicate new password(s)

After completing the checkout, follow your customer’s guidelines for password communication and storage. Inform the customer of the new passwords, with the exception of those used for remote service only (e.g. insite). If the customer approves, write down the new passwords and store them in a secure location on site. A sample password log form can be placed in a logbook or taped inside a cabinet. If a customer wants to know more about what GE does with passwords, escalate to the service security team (http://supportcentral.ge.com/products/sup_products.asp?prod_id=24038).

Deviations

In the case where a customer directly calls the OLC requesting a password update, the online engineer should follow the same steps outlined in this document. Some online engineers have access to make password changes in the back office databases, so they may execute Update Password(s) in Connectivity Database themselves without calling the checkout team.

note: Make sure to email a copy of the case to the site primary field engineer to complete Communicate new password(s). This will ensure that local service has documentation of the change to access the system.