ATT DEFINITY Communications System Generic 3 Instructions Manual
Security Violation Notification (SVN) Issue 3 March 1996 3-1075

Security Violation Notification (SVN)

Feature Availability

This feature is available on all versions of the DEFINITY Communications System.

Description

The Security Violation Notification (SVN) feature notifies a designated referral point of a security violation. A designated referral point can be an attendant console, display equipped voice terminal, or voice terminal without display requiring the notification to be by announcement.

The SVN feature provides the capacity to disable a valid login ID or remote access following a security violation. The SVN feature also provides an audit trail containing information about each attempt to access the switch. If disabled, the login ID or remote access feature remains disabled until re-enabled by a login ID with correct permissions.

Sequence of events when the SVN feature is enabled and a security violation occurs:

1. SVN parameters are exceeded (the number of invalid attempts permitted in a specified time interval is exceeded).
2. An SVN referral call with announcements (announcement message identifying the violation) is placed to a designated point and the SVN feature provides an audit trail containing information about each attempt to access the switch.
3. The SVN feature disables a valid login ID or remote access barrier code following the security violation.
4. The Login ID or Remote Access remains disabled until re-enabled by an authorized login ID, with the correct permissions.

SVN Enhancements

Referral Call Activation/Deactivation

Referral Call Placement is automatic with G3V3 and later releases. SVN referral calls are placed by the system any time a security threshold violation occurs. To stop placement of referral calls, activate these buttons.

NOTE: Calls are placed if these buttons are not activated.

- The login security violation feature button “lsvn-halt”.
- The remote access security violation feature button “rsvn-halt”.
Feature Descriptions 3-1076 Issue 3 March 1996

- The authorization code security violation feature button “asvn-halt”.

Repeated security violations can result in numerous referral calls being made in a short period of time.

Login ID Kill After “N” Attempts

The Login ID Kill After “N” Attempts feature provides the ability to disable a login ID when a login security violation is detected for a valid login ID (the number of invalid login attempts permitted in a specified time interval is exceeded). If the login security violation parameters are exceeded, the login ID is disabled until re-enabled by a login ID with re-activation permissions.

This feature is controlled by an administrable parameter and is optional on a per-login ID basis. The system default value is to disable a login ID if the SVN feature is active and a security violation occurs.

Any attempt to access the switch using a login ID that has been disabled by the Security Violation Notification (SVN) feature fails, even if the correct login ID and password are entered. If the login ID is disabled while logged in on another session, once that session is terminated any subsequent attempt to log in using that login ID is prohibited.

SVN referral calls are placed by the system each time a login security violation occurs. A disabled login ID remains disabled until it is re-enabled by a login ID with reactivation permissions.

A major alarm is logged whenever a security violation is detected involving an AT&T services login ID and that login ID has been disabled as a result of the security violation. AT&T is responsible for retiring the alarm.

Remote Access Kill After “N” Attempts

The Remote Access Kill After “N” Attempts SVN feature provides the ability to disable the Remote Access feature when a remote access barrier code security violation is detected (the number of invalid Remote Access attempts permitted in a specified time interval is exceeded), and the “Disable Following a Security Violation” field is enabled.

Any attempt to use the Remote Access feature once it has been disabled fails, even if a correct barrier code or barrier code/authorization code combination is given. SVN referral calls are placed by the system any time a Remote Access security violation occurs. The Remote Access feature remains disabled until re-enabled by a login ID with re-activation permissions.

Authorization Code Security Violation

The Authorization Code Security Violation feature generates a referral call upon detection of a violation. An audit trail containing relevant information about each attempt is registered.

SVN Referral Call With Announcement

The SVN Referral Call with Announcement option has the capacity to provide a recorded message identifying the type of violation accompanying the SVN referral call. Using Call Forwarding, Call Coverage, or Call Vector Time-of-Day Routing (to route to an extension or a number off the switch), SVN referral calls with announcements can terminate to a point on or off the switch.

Use of other means to route SVN referral calls to alternate destinations is not supported at this time. An attempt to use an alternate method to route SVN referral calls may result in a failure to receive the call or to hear the announcement.

Monitor Security Violations Report

The security violations reports provide current status information for invalid Login, Remote Access (barrier code) or Authorization Code attempts. The data displayed by these reports is updated every 30 seconds. A total of 16 entries is maintained for each type of violation. The oldest information is overwritten by the new entries at each 30-second update.

When a login is added or removed, the Security Measurements reports are not updated until the next hourly poll, or until a clear measurements security-violations command is entered.

The security violations report is divided into three distinct reports:

- Login Violations
- Remote Access Barrier Code Violations
- Authorization Code Violations

To access Monitor Security Violations reports, enter the command line interface command monitor security-violations. The report names are “login”, “remote-access” and “authorization-code”.

The following fields are displayed on the Login Violation report:

- Date: The date the attempt occurred.
- Time: The time the attempt occurred.
- Login: The login string entered as part of the login violation attempt. An invalid password may cause a security violation.
  If a valid login ID causes a security violation by entering an incorrect password, the Login Violation report displays the valid login ID.
- Port: The port on which the failed login session was attempted.

  The following abbreviations are used for G3i:

  - MGR1: The dedicated management terminal connection (the EIA connection to the maintenance board).
  - NET-N: A network controller dialup port (1-4).
  - EPN: The EPN maintenance EIA port.
  - INADS: The INADS port (Initialization and Administration System).
  - EIA: Other EIA ports.

  The following abbreviations are used for G3r:

  - SYSAM-LCL: Local administration to Manager 1.
  - SYSAM-RMT: Dial up port on SYSAM board, typically used by services for remote maintenance, and used by the switch to call out with alarm information.
  - SYS-PORT: System ports accessed through TDM bus.
  - MAINT: Ports on expansion port network maintenance boards, used as a local connection for onsite maintenance.
- Ext: The extension assigned to the network controller board that the failed login session was attempted on. This field is present only in the case where the System Manager’s SAT is administered through a network controller port.

The following fields are displayed on the Remote Access Violations report:

- Date: The date that the attempt occurred.
- Time: The time that the attempt occurred.
- TG No: The trunk group number associated with the trunk where the remote access attempt terminated.
- Mbr: The trunk group member number associated with the trunk where the remote access attempt terminated.
- Ext: The extension used to interface with the Remote Access feature.
- Barrier Code: The incorrect barrier code that resulted in the invalid attempt.

The following fields are displayed on the Authorization Code Violations report:

- Date: The date that the attempt occurred.
- Time: The time that the attempt occurred.
- Originator: The type of resource originating the call that generated the invalid authorization code access attempt. Originator types include:
  - Station.
  - Trunk (other than a trunk assigned to a remote access trunk group).
  - Remote Access (when the invalid authorization code is associated with an attempt to invoke the Remote Access feature).
  - Attendant.
- Auth Code: The invalid authorization code entered.
- TG No: The trunk group number associated with the trunk where the attempt terminated. It appears only when an authorization code is used to access a trunk.
- Mbr: The trunk group member number associated with the trunk where the attempt terminated. It appears only when an authorization code is used to access a trunk.
- Barrier Code: The incorrect barrier code that resulted in the invalid attempt. It appears only when an authorization code is entered to invoke Remote Access.
- Ext: The extension associated with the station or attendant originating the call. It appears only when an authorization code is entered from the station or attendant console.

Administering SVN System Parameters

To activate SVN system features, three sets of system level parameters must be administered:

- SVN Login Violation Notification
- SVN Remote Access Violation Notification
- SVN Authorization Code Violation Notification

Refer to the SVN Referral Call With Announcement section on page 3-1077.

Administering the SVN Login Security Violation Notification Feature

To administer the login component of the SVN feature, enter the change system-parameters security command.

To administer system parameters for the login component of the SVN feature violation notification:

1. Access the “System Parameter Security” form by entering the change system-parameters security command from the command line interface.
2. When the “SVN Login Violation Notification Enabled” field is enabled, the following fields appear on the “Security-Related System Parameters” form:

   - Originating Extension
     Requires the entry of an unassigned extension that is local to the switch and conforms to the dial plan, for the purpose of originating and identifying SVN referral calls for login security violations.
     The originating extension initiates the referral call in the event of a login security violation. It also sends the appropriate alerting message or display to the referral destination.
   - Referral Destination
     This field requires an entry of an extension, assigned to a station, attendant console, or vector directory number (VDN), that receives the referral call when a security violation occurs. If a VDN is assigned the Time-of-Day routing capability, Call Vectoring may be used to route the referral call to different destinations based on the time of day or the day of the week.
     The referral destination must be equipped with a display module unless the Announcement Extension is assigned. Administration of the Announcement Extension is also required if the referral destination is a VDN.
   - Login Threshold
     This field requires an entry of the minimum number of login attempts that are permitted before a referral call is made. The value assigned to this field, in conjunction with the “Time Interval” field, determines whether a security violation has occurred. The system default is 5.
   - Time Interval
     This field requires the entry of the time interval in which a login security violation must occur. The range for the time interval is one minute to eight hours (0:01 to 7:59), and is entered in the form “xx:xx”. For example, if you want the time interval to be one minute, you enter 0:01. If you want the time interval to be seven and one-half hours, you enter 7:30. The system default is 0:03.
   - Announcement Extension
     This field requires an entry of an extension that is assigned to an SVN announcement.

3. Administer an “lsvn-halt” button on any station/attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location.

Enable/Disable a Login ID

The “Disable a Login ID Following a Security Violation” field on the “Login Administration” form is used to set the SVN parameters for a single login. When set to “y” (yes), the SVN feature disables the specified login ID (system default is y).
When set to “n”, the SVN feature does not disable the specified login ID if a security violation is detected for the login ID.

The “Disable a Login ID Following a Security Violation” field is dynamic and only appears on the “Login Administration” form when the login component of the SVN feature is enabled.

To enable a login ID that has been disabled by a security violation, or disabled manually with the command disable login, the user must:

1. Log in to the switch using a login ID with the correct permissions.
2. Enter the command enable login.
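
The interaction of Login Threshold, Time Interval and the per-login disable field described above can be modelled as follows. This is an added illustration in Python, not code from the manual or the switch: the class and method names are hypothetical, every login ID is treated as valid, and it assumes a violation is declared when the number of failed attempts inside the interval reaches the threshold.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def parse_interval(text):
    """Parse the Time Interval field, entered as h:mm in the range 0:01 to 7:59."""
    hours, _, minutes = text.partition(":")
    if not (hours.isdigit() and len(minutes) == 2 and minutes.isdigit()):
        raise ValueError(f"bad interval {text!r}")
    h, m = int(hours), int(minutes)
    if m > 59 or not 1 <= h * 60 + m <= 7 * 60 + 59:
        raise ValueError(f"interval {text!r} is outside 0:01 to 7:59")
    return timedelta(hours=h, minutes=m)


class LoginSvnModel:
    """Toy model of the login component of SVN (hypothetical, not switch code)."""

    def __init__(self, threshold=5, interval="0:03"):  # system defaults per the manual
        self.threshold = threshold
        self.interval = parse_interval(interval)
        self.failures = defaultdict(deque)   # login ID -> times of recent failures
        self.status = {}                     # login ID -> "svn-disabled"
        self.disable_on_violation = {}       # per-login field, default y (True)
        self.referrals = []                  # (time, login ID) referral calls placed

    def attempt(self, login, password_ok, when):
        """Return True if the login attempt succeeds."""
        if self.status.get(login) == "svn-disabled":
            return False                     # fails even with the correct password
        if password_ok:
            return True
        window = self.failures[login]
        window.append(when)
        while when - window[0] > self.interval:
            window.popleft()                 # forget failures older than the interval
        # Assumption: a violation occurs once the count reaches the threshold.
        if len(window) >= self.threshold:
            self.referrals.append((when, login))
            if self.disable_on_violation.get(login, True):
                self.status[login] = "svn-disabled"
            window.clear()
        return False

    def enable_login(self, login):
        """Model of `enable login`, run by a login ID with the correct permissions."""
        self.status.pop(login, None)


if __name__ == "__main__":
    svn = LoginSvnModel()
    start = datetime(1996, 3, 1, 7, 50)      # constructed sample time
    for i in range(5):                       # five failures in 80 seconds
        svn.attempt("admin", False, start + timedelta(seconds=20 * i))
    print(svn.status, svn.referrals)
```

Failures that fall outside the Time Interval never accumulate toward the threshold in this model, which is why the interval and threshold have to be tuned together and the Monitor Security Violations report reviewed alongside the referral calls.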

To disable a login ID, the user must:

1. Log in to the switch using a login ID with the correct permissions.
2. Enter the command disable login.

List the Status of a Login ID

To list the status of a login ID, the user must:

1. Log in to the switch using a login ID with the correct permissions.
2. Enter the command list login. You see a display indicating the status of the specified login ID.

A login ID status can be listed as:

- Login ID status equals disabled, indicating that the login ID was disabled manually using the disable login command.
- Login ID status equals svn-disabled, indicating that a security violation was detected for that login ID and the login was disabled by the SVN feature.
- Login ID status equals active, indicating that the login ID is currently logged in.
- Login ID status equals inactive, indicating that the login ID is not logged in.

Administering Remote Access Security Violation Notification Parameters

To administer the Remote Access component of the SVN feature:

1. Access the “System Parameter Security” form by entering the change system-parameters security command from the command line interface.
2. Enable the Remote Access component of the feature by entering a “y” in the “SVN Remote Access Violation Notification” field on the “System Parameters Security” form.
3. When the “SVN Remote Access Violation Notification Enabled” field is enabled, the following additional fields appear on the “Security-Related System Parameters” form:

   - Originating Extension
     This field requires the entry of an unassigned extension that is local to the switch and conforms to the dial plan for the purpose of originating and identifying SVN referral calls for remote access barrier code violations.
     The originating extension initiates the referral call in the event of a Remote Access security violation. It also sends the appropriate alerting message or display to the referral destination.
   - Referral Destination
     This field requires an entry of an extension, assigned to a station, attendant console, or vector directory number (VDN), that receives the referral call when a security violation occurs. If a VDN is assigned the Time-of-Day routing capability, Call Vectoring may be used to route the referral call to different destinations based on the time of day or the day of the week.
     The referral destination must be equipped with a display module unless the Announcement Extension is assigned. Administration of the Announcement Extension is also required if the referral destination is a VDN.
   - Barrier Code Threshold
     This field requires an entry of the minimum number of remote access barrier code attempts that are permitted before a referral call is made. The value assigned to this field, in conjunction with the “Time Interval” field, determines whether a security violation has occurred. The system default for Barrier code threshold is 10.
   - Time Interval
     This field requires the entry of the time interval in which the remote access barrier code attempts must occur. The range for the time interval is one minute to eight hours (0:01 to 7:59), and is entered in the form “xx:xx”. For example, if you want the time interval to be one minute, you enter “0:01”. If you want the time interval to be seven and one-half hours, you enter “7:30”. The system default is 0:03.
   - Announcement Extension
     This field requires an entry of an extension that is assigned to the SVN remote access barrier code violation announcement.

4. Administer an “rsvn-halt” button on any station or attendant console (maximum 1 per system). The SVN button location can be determined by entering the command display svn-button-location.

Enable/Disable Remote Access Code

To enable remote access that has been disabled following detection of a remote access security violation, or disabled manually with the command disable remote access, the user must:

1. Log in to the switch using a login ID with the correct permissions.
2. Enter the command enable remote access.

To disable Remote Access, the user must:

1. Log in to the switch using a login ID with the correct permissions.
2. Enter the command disable login.

Administering Authorization Code Security Violation Parameters

To administer the Authorization Code component of the SVN feature, the user must:

1. Access the “System Parameter Security” form by entering the change system-parameters security command from the command line interface.
2. When the “SVN Authorization Code Violation Notification Enabled” field is enabled, the following additional fields appear on the “Security-Related System Parameters” form:

   - Originating Extension
     This field requires the entry of an unassigned extension that is local to the switch and conforms to the dial plan for the purpose of originating and identifying SVN referral calls for authorization code security violations.
     The originating extension initiates the referral call in the event of an authorization code security violation. It also sends the appropriate alerting message or display to the referral destination.
   - Referral Destination
     This field requires an entry of an extension, assigned to a station, attendant console, or vector directory number (VDN), that receives the referral call when a security violation occurs. If a VDN is assigned the Time-of-Day routing capability, Call Vectoring may be used to route the referral call to different destinations based on the time of day or the day of the week.
     The referral destination must be equipped with a display module unless the Announcement Extension is assigned. Administration of the Announcement Extension is also required if the referral destination is a VDN.
   - Authorization Code Threshold
     This field requires an entry of the minimum number of invalid authorization code security violation attempts that are permitted before a referral call is made.
     The value assigned to this field, in conjunction with the “Time Interval” field, determines whether a security violation has occurred. The system default for authorization code security violations threshold is 10.
   - Time Interval
     This field requires the entry of the time interval in which the authorization code security violations must occur. The range for the time interval is one minute to eight hours (0:01 to 7:59), and is entered in the form “x:xx”. For example, if you want the time interval to be one minute, you enter “0:01”. If you want the time interval to be seven and one-half hours, you enter “7:30”. The system default is 0:03.
   - Announcement Extension
     This field requires an entry of an extension that is assigned to an SVN authorization code announcement.

3. The SVN button location can be determined by entering the command display svn-button-location.

Screen 3-40. Monitor Security Violations Report (Login)

    --------------------------------------------------------------------------
    monitor security-violations login
    --------------------------------------------------------------------------
                        SECURITY VIOLATIONS STATUS
    Date: NN:nn DAY MON nn 199n

                             LOGIN VIOLATIONS

    Date    Time    Login               Port    Ext
    01/08   07:51   root                NET-1   4030
    01/08   07:51   admin               NET-1   4030
    01/07   07:52   system technician   MGR1
    --------------------------------------------------------------------------
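
Because the report keeps only 16 entries per violation type, a captured copy of the screen is worth turning into records that can be counted and stored. The parser below is an added example in Python, not part of the manual: the function names are hypothetical, the sample rows are those of Screen 3-40 with the column spacing assumed, and the port abbreviations listed earlier for G3i and G3r are used to find the Port column so that login strings containing spaces and rows without an Ext value still parse.

```python
import re
from collections import Counter

# Port abbreviations the manual lists for G3i and G3r (NET-N is NET-1 to NET-4).
PORTS = r"MGR1|NET-[1-4]|EPN|INADS|EIA|SYSAM-LCL|SYSAM-RMT|SYS-PORT|MAINT"

# Date, Time, Login (free text), Port (known name), optional Ext.
ROW = re.compile(
    r"^\s*(?P<date>\d{2}/\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<login>.+?)\s+(?P<port>" + PORTS + r")(?:\s+(?P<ext>\d+))?\s*$"
)

# Rows as shown in Screen 3-40; the exact column spacing is an assumption.
SAMPLE = """\
monitor security-violations login
            SECURITY VIOLATIONS STATUS
Date: NN:nn DAY MON nn 199n
                 LOGIN VIOLATIONS
Date    Time    Login               Port    Ext
01/08   07:51   root                NET-1   4030
01/08   07:51   admin               NET-1   4030
01/07   07:52   system technician   MGR1
"""


def parse_login_violations(screen_text):
    """Return one dict per data row; titles, rulers and headers are skipped."""
    rows = []
    for line in screen_text.splitlines():
        match = ROW.match(line)
        if match:
            rows.append(match.groupdict())   # ext is None when the column is empty
    return rows


def attempts_by_port(rows):
    """Count failed logins per (port, ext) to show which access path is in use."""
    return Counter((row["port"], row["ext"]) for row in rows)


def logins_by_port(rows):
    """Collect the distinct login strings tried on each port."""
    seen = {}
    for row in rows:
        seen.setdefault(row["port"], set()).add(row["login"])
    return seen


if __name__ == "__main__":
    parsed = parse_login_violations(SAMPLE)
    for key, count in attempts_by_port(parsed).items():
        print(key, count)
    print(logins_by_port(parsed))
```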