Lucent Technologies Release 7 User Manual
DEFINITY Enterprise Communications Server Release 7
Maintenance for R7r
Maintenance for R7r
555-230-126
Issue 4
June 1999
Maintenance Object Repair Procedures
9-981
LOG-SVN (Login Security Violation)
9
d. The affected login ID will be disabled as a result of detection of the
security violation, unless it is the last enabled INADS type login on the
system. The provision to disable a login ID following detection of a security
violation involving that login ID is administerable on a login ID basis.
system. The provision to disable a login ID following detection of a security
violation involving that login ID is administerable on a login ID basis.
e. The enable login command is used to both enable a login that has been
disabled, and to retire any login security violation alarms associated with
the login ID.
the login ID.
f. Use of the enable login command to enable a login and/or retire alarms
must be executed using a login ID with greater service level hierarchy
permissions.
permissions.
g. Access to the enable login command is controlled through the Administer
Permissions field on the Command Permission Categories form. This field
(Administer Permissions) must be set to "y" to access the enable login
command.
(Administer Permissions) must be set to "y" to access the enable login
command.
h. The
Port alarm report field will set to the port where the final invalid login
attempt, involving the alarmed login ID, was detected. Valid port values for
G3i products include:
G3i products include:
— MGR1 — Dedicated manager 1 or G3 management terminal
connection
— NET-n — Network controller dial up port
— INADS — INADS port
— EPN — EPN maintenance EIA port
— EIA — Other EIA port
Valid port value for G3r products include:
— SYSAM _LOC — Local administration port
— SYSAM _RMT — Remote administration port
— SYS_PORT — System Port
— MAINT — Maintenance port
i. The
Svc State alarm report field will be set to OUT if the login ID is in the
disabled state as a result of detection of a security violation involving the
login ID. Once the login ID has been enabled, the field will be set to IN.
login ID. Once the login ID has been enabled, the field will be set to IN.
j. The source or reason of the failed login attempts should be identified and
the cause corrected prior to re-enabling a login ID and/or retiring any
alarms associated with the login ID. The cause may be something as
innocuous as the failure of Lucent services automatic login software, to
something as insidious as a hacker attempting to gain access to the
switch system management interface.
alarms associated with the login ID. The cause may be something as
innocuous as the failure of Lucent services automatic login software, to
something as insidious as a hacker attempting to gain access to the
switch system management interface.
Prior to retiring an SVN alarm and enabling the associated login ID, the monitor
security-violations login command can be used to access information about
the invalid login attempts that caused the security violation. This information can
security-violations login command can be used to access information about
the invalid login attempts that caused the security violation. This information can