Lucent Technologies Definity Enterprise Communication Server 8.2 User Manual
DEFINITY ECS Release 8.2
Administrator’s Guide
Administrator’s Guide
555-233-506
Issue 1
April 2000
Features and technical reference
1480
Security violations notification
20
Invalid attempts accumulate at different rates in the various security arenas (login,
authorization code, remote access, and station security code), depending on
feature usage and the number of users on a server. For this reason, you administer
thresholds separately for each type of violation.
authorization code, remote access, and station security code), depending on
feature usage and the number of users on a server. For this reason, you administer
thresholds separately for each type of violation.
Sequence of events
The following is the sequence of events that occur when an SVN is enabled and a
detects a security violation:
detects a security violation:
1. SVN parameters are exceeded (the number of invalid attempts permitted in
a specified time interval is exceeded).
2. An SVN referral call (with announcements, if assigned) is placed to a
designated point, and SVN provides an audit trail containing information
about each attempt to access the switch.
about each attempt to access the switch.
3. SVN disables a login ID or Remote Access following the security
violation.
4. The login ID or Remote Access remains disabled until re-enabled by an
authorized login ID, with the correct permissions.
Reporting
The system reports information about security violations in the following ways:
■
In real time
— you can use the
monitor security-violations
command to
monitor security violations as they may be occurring. Enter this command,
followed by the type of security violation you want to monitor (logins,
remote-access, authorization-codes, or station-security-codes).
followed by the type of security violation you want to monitor (logins,
remote-access, authorization-codes, or station-security-codes).
■
On an immediate basis
— when a security violation occurs, the system
sends a priority call to a designated referral point (attendant console or
phone). Thus, there is some chance of apprehending the violator during the
attempted violation.
phone). Thus, there is some chance of apprehending the violator during the
attempted violation.
Upon notification, you can request the Security Violations Status Reports ,
which show details of the last 16 security violations of each type. The
Barrier Code and Authorization Code reports also include the calling party
number from which the attempt was made, where available.
which show details of the last 16 security violations of each type. The
Barrier Code and Authorization Code reports also include the calling party
number from which the attempt was made, where available.
■
On a historical basis
— the number of security violations of each type, as
well as other security measurements, are collected and displayed in the
Security Violations Summary and Detail reports. These reports show
summary information since the counters were reset by the
Security Violations Summary and Detail reports. These reports show
summary information since the counters were reset by the
clear
measurements security-violations
command or since system
initialization. They do not show all aspects of the individual security
violations.
violations.