Home
>
Lucent Technologies
>
Communications System
>
Lucent Technologies DEFINITY® Enterprise Communication Server Release 8.2 Reports Guide
Lucent Technologies DEFINITY® Enterprise Communication Server Release 8.2 Reports Guide
Have a look at the manual Lucent Technologies DEFINITY® Enterprise Communication Server Release 8.2 Reports Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 413 Lucent Technologies manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
DEFINITY Enterprise Communication Server Release 8.2 Reports Guide 555-233-505 Issue 1 April 2000 Security Violations Reports 5-7 Security Violations Detail Report 5 Security Violations Detail Report The Sec urity Violations Detail Rep ort provid es system manag ement log in data p er log in id entific ation. It relates only to system ad ministration. NOTE: If you rec ently ad d ed log in IDs, these d o not ap p ear in the d etail rep ort (either as suc c essful or not) until the next hourly up d ate or until you enter the c lear measurements sec urity violations c ommand . Similarly, log ins that you remove and are subseq uently used in log in attemp ts, are inc lud ed in the Sec urity Violations Detail Rep ort until the next hourly up date or until you enter the c lear measurements sec urity violations c ommand . Commands Commands are availab le to d isp lay or c lear the Sec urity Violations Detail and Summary rep orts. To display the detail report: 1. Type list measurements security-violations detail [print/schedule] and press RETURN. To reset all c ounters of the Sec urity Violations rep orts to zero: 1. Type clear measurements security-violations and press RETURN. NOTE: The Security Violations Summary Report accumulates data until it is cleared. This report will overflow; therefore, review and clear it at least once a month. Options: The op tions print and schedule are available for these commands.
DEFINITY Enterprise Communication Server Release 8.2
Reports Guide 555-233-505 Issue 1
April 2000
Security Violations Reports
5-8 Security Violations Detail Report
5
Screen
Screen 5-2 shows typ ic al outp ut for the Sec urity Violations Detail Rep ort for G3r
systems. Table 5-2
d esc rib es the d ata fields p resented in the Sec urity Violations
Detail Rep ort.
Screen 5-2. Security Violations Detail Report
list measurements security-violations detail Page 1 SPE A
Switch Name: Definity In-House Date: 1:21 pm MON OCT 21, 19xx
SECURITY VIOLATIONS DETAIL REPORT
Counted Since: 9:42 am TUE OCT 15, 19xx
Successful Invalid
Login ID Port Type Logins Passwords
init SYSAM-LCL 6 0
SYSAM-RMT 0 0
MAINT 0 0
SYS-PORT 191 3
Total 197 3
inads SYSAM-LCL 0 0
SYSAM-RMT 11 1
MAINT 0 0
SYS-PORT 22 1
Total 33 2
press CANCEL to quit -- press NEXT PAGE to continue
DEFINITY Enterprise Communication Server Release 8.2 Reports Guide 555-233-505 Issue 1 April 2000 Security Violations Reports 5-9 Security Violations Detail Report 5 Table 5-2. Security Violations Detail Report Field Description Login ID The log in id entific ation sub mitted b y the p arty attemp ting to login. Log in IDs inc lud e the valid system log in IDs. NOTE: If you see a larg e numb er of invalid attemp ts where an invalid ID is used, this may indic ate unauthorized use by an ind ivid ual who d oes not have ac c ess to valid log in IDs. On the other hand , if the invalid attemp ts involve invalid p assword s b eing used , whoever is trying to break in d oes know the ID. Review the Valid ID attemp ts to see whic h ones had invalid p assword s c onnec ted with them. Port Type The typ e of p ort where log in attemp ts were mad e. G3r: nSYSA M - L C L (SYSA M L o c a l Po r t ): Th i s p o r t o n t h e SYSAM b oard is typ ic ally used as the loc al c onnec tion to the manag ement terminal. It is loc ated in the switc h room. nSYSA M - RM T ( SYSAM Re m o t e Po r t ) : Th e d i a l - u p p o r t o n t h e SYSA M b o a rd i s t y p ic a l ly u s e d b y s e r vi c e s f o r re m o t e maintenanc e and is also used b y the switc h to c all out with alarm information. nMAINT: These p orts on the Exp ansion Port Networks maintenanc e b oard s are typ ic ally used as loc al c onnec tions for on-site maintenanc e performed b y servic es. nSYS- PO RT ( Sys t e m Po r t s) : Th e s e p o r t s a re a c c e s se d b y d ial-up throug h the TDM b us. G3si: nMGR1: The d ed ic ated system ad ministration terminal c onnec tion. nINADS: The Initialization and Ad ministration System p ort nEPN: The EPN maintenanc e EIA p ort. nNET: The network c ontroller d ial-up p orts. Successful LoginsTotal number of times a log in is used suc c essfully to log into the system for the g iven p ort typ e. Invalid PasswordsThe total numb er of log in attemp ts where the attemp ting p arty sub mitted an invalid p assword for the g iven port type and log in ID. Continued on next page
DEFINITY Enterprise Communication Server Release 8.2 Reports Guide 555-233-505 Issue 1 April 2000 Security Violations Reports 5-10 Security Violations Status Reports 5 Security Violations Status Reports The sec urity violations rep orts p rovid e c urrent status information for Log in, Remote Ac c ess (b arrier c ode), or Authorization Cod e or Station Sec urity Code violation attempts. The data displayed by these reports is updated every 30 sec ond s. A total of 16 entries is maintained for eac h typ e of violation. The old est information is overwritten b y new entries at eac h 30-sec ond up d ate. The sec urity violations report is divided into four distinct reports: nLog in Violations nRemote Ac c ess Barrier Cod e Violations nAuthorizations Cod e Violations nStation Sec urity Cod e Violations Login Violations To d etermine log in violations, the system monitors the following p orts: nSystem ad ministration terminal c onnec ted within 50 feet of the system c ab inet nCustomer Sup p ort Servic e Org anization (CSSO) nDial-up p orts that use the switc h fab ric . These are normally used b y C SSO. nExp ansion Port Networks (EPN) Maintenanc e Ports. These p orts are typic ally used as loc al c onnec tions b y servic es for on site maintenanc e. Command To ac c ess Monitor Sec urity Violations rep orts: 1. Type monitor security-violations and press RETURN. Screens This sec tion d esc rib e eac h of the ab ove p ossib le rep orts (log in, remote ac c ess, authorization c od e, and station sec urity c od e) and d esc ribes the data field s p resented in eac h rep ort.
DEFINITY Enterprise Communication Server Release 8.2
Reports Guide 555-233-505 Issue 1
April 2000
Security Violations Reports
5-11 Security Violations Status Reports
5
Security Violations Status—
Login Violations report
Screen 5-3 shows typ ic al outp ut for the Sec urity Violations Status—Log in
Violations rep ort. Table 5-2
d esc rib es the data field s presented in the Sec urity
Violations Status—Log in Violations rep ort.
Screen 5-3. Security Violations Status— Login Violations report (G3si)
--------------------------------------------------------------------------
monitor security-violations login
--------------------------------------------------------------------------
SECURITY VIOLATIONS STATUS
Date: NN:nn DAY MON nn 199n
LOGIN VIOLATIONS
Date Time Login Port Ext
01/08 07:51 root NET-1 4030
01/08 07:51 admin NET-1 4030
01/07 07:52 cust rcust MGR1
--------------------------------------------------------------------------
--------------------------------------------------------------------------
DEFINITY Enterprise Communication Server Release 8.2 Reports Guide 555-233-505 Issue 1 April 2000 Security Violations Reports 5-12 Security Violations Status Reports 5 Security Violations Status— Remote Access Barrier Code Violations report Screen 5-4 shows typ ic al outp ut for the Sec urity Violations Status—Remote Ac cess Barrier Code Violations report. Table 5-4 describes the data fields p resented in the Sec urity Violations Status—Remote Ac c ess Barrier Cod e Violations rep ort. Table 5-3. Login Violations report Field Description Date The date the attempt oc c urred . Time The time the attemp t oc c urred . Login The login string entered as p art of the invalid log in attemp t. An invalid p assword may c ause an invalid attemp t. Entry of an invalid p assword results in an invalid log in attemp t. In this c ase the valid log in ID assoc iated with the attemp t is displayed. Port Type (G3r) Port (G3si)The port on whic h the failed log in session is attemp ted . Ext This field is p resent only on rep orts from G3si systems. The extension assig ned to the network c ontroller b oard on whic h the failed log in session is attemp ted . It c ontains an entry only if the System Ad ministrator’s manag ement terminal is ad ministered throug h a network c ontroller p ort. This field is not p resent on rep orts p rod uc ed b y the G3r.
DEFINITY Enterprise Communication Server Release 8.2
Reports Guide 555-233-505 Issue 1
April 2000
Security Violations Reports
5-13 Security Violations Status Reports
5
Screen 5-4. Remote Access Barrier Code Violations report
Table 5-4. Remote Access Barrier Code Violations
Field Description
Date
The date the attempt oc c urred .
Time
The time the attemp t oc c urred.
TG No
Trunk Group Numb er. The numb er of the remote ac c ess
trunk group over which the barrier c ode is sent.
Mbr
Trunk Group Memb er. The numb er of the remote ac c ess
trunk g roup memb er over whic h the b arrier c od e is sent.
Ext
Ex t e n si o n. The extension used to interfac e with the Remote
Acc ess feature.
Bar-Cd
Barrier Cod e. The inc orrec t b arrier c od e that resulted in the
invalid attempt.
CLI/ANI
Calling Line Id entifier/Automatic Numb er Id entific ation. The
c alling line id entifier or automatic numb er id entific ation,
when availab le on the inc oming messag e, of the p arty
making the invalid attemp t.
--------------------------------------------------------------------------
monitor security-violations remote-access
--------------------------------------------------------------------------
SECURITY VIOLATIONS STATUS
Date: NN:nn DAY MON nn 199n
REMOTE ACCESS BARRIER CODE VIOLATIONS
Date Time TG No Mbr Ext Bar-Cd CLI/ANI
01/08 10:55 31 5 4050 1030 2025551234
01/08 10:54 31 1 4050 2345 5559876
--------------------------------------------------------------------------
--------------------------------------------------------------------------
DEFINITY Enterprise Communication Server Release 8.2
Reports Guide 555-233-505 Issue 1
April 2000
Security Violations Reports
5-14 Security Violations Status Reports
5
Security Violations Status—Authorization
Code Violations report
Screen 5-5 shows typ ic al outp ut for the Sec urity Violations Status—Authorization
Code Violations report. Table 5-5
describes the data fields presented in the
Sec urity Violations Status—Authorization Cod e Violations rep ort.
Screen 5-5. Authorization Code Violations report
--------------------------------------------------------------------------
monitor security-violations authorization-code
--------------------------------------------------------------------------
SECURITY VIOLATIONS STATUS
Date: NN:nn DAY MON nn 199n
AUTHORIZATION CODE VIOLATIONS
Date Time Originator Auth-Cd TG No Mbr Bar-Cd Ext CLI/ANI
01/07 08:33 STATION 1234567 84321
01/06 07:32 TRUNK 1233555 35 14 3035551234
01/03 14:22 REM ACCESS 2222 31 3 3295912 5556789
12/25 16:45 ATTENDANT 1212111 84000
--------------------------------------------------------------------------
--------------------------------------------------------------------------
DEFINITY Enterprise Communication Server Release 8.2 Reports Guide 555-233-505 Issue 1 April 2000 Security Violations Reports 5-15 Security Violations Status Reports 5 Table 5-5. Authorization Code Violations report Field Description Date The date the attempt oc c urred . Time The time the attemp t oc c urred. Originator The typ e of resourc e from whic h the invalid ac c ess attemp t orig inated . Orig inator typ es inc lud e: nSt a t io n nRemote Ac c ess (when the invalid authorization c ode is assoc iated with an attemp t to invoke the Remote Ac c ess feature). nAttend ant Auth-Cd Authorization Cod e. The invalid authorization c od e entered . TG No Trunk Group Numb er. The trunk group numb er of the trunk where the attemp t orig inated . It ap p ears only when the orig inator typ e is “ trunk” or “ remote ac c ess” and an invalid authorization c od e is entered . Mbr Trunk Group Memb er. The numb er of the trunk in the trunk g roup where the attemp t orig inated . Bar-Cd Barrier Cod e. The valid barrier code entered with the invalid authorization c ode. It appears only when an authorization c od e is req uired to invoke Remote Ac c ess, following entry of the barrier code. Ext Ex t e n si o n. The extension assoc iated with the station or attend ant orig inating the c all. It ap pears only when authorization c od e is entered from the station or attendant c onsole. CLI/ANI Calling Line Id entifier/Automatic Numb er Id entific ation. The c alling line id entifier or automatic numb er id entific ation, when availab le on the inc oming messag e, of the p arty making the invalid attemp t.
DEFINITY Enterprise Communication Server Release 8.2
Reports Guide 555-233-505 Issue 1
April 2000
Security Violations Reports
5-16 Security Violations Status Reports
5
Security Violations Status—Station Security Code
Violations report
Screen 5-6 shows typ ic al outp ut for the Sec urity Violations Status—Station
Sec urity Cod e Violations rep ort. Table 5-6
d esc rib es the d ata field s p resented in
the Sec urity Violations Status—Station Sec urity Cod e Violations rep ort.
Screen 5-6. Station Security Code Violations report
Table 5-6. Station Security Code Violations report
Field Description
Date
The date the attempt oc c urred .
Time
The time the attemp t oc c urred.
TG No
Trunk Group Numb er. The trunk group numb er assoc iated
with the trunk where the attemp t orig inated .
Mbr
Trunk Group Memb er. The trunk g roup memb er numb er
assoc iated with the trunk where the attemp t orig inated .
Port/Ext
Po rt / Ext e n s io n. The p ort or extension assoc iated with the
station or attendant originating the call.
FAC
Feature Ac c ess Cod e. The feature ac c ess c od e d ialed that
required a station sec urity c od e.
Dialed
DigitsThe d ig its the c aller d ialed when making this invalid attemp t.
This may allow jud g ement as to whether the c aller is ac tually
trying to b reak in to the system, or is a leg itimate user
making typographic al mistakes.
--------------------------------------------------------------------------
monitor security-violations station-security-codes
--------------------------------------------------------------------------
SECURITY VIOLATIONS STATUS
Date: NN:nn DAY MON nn 199n
STATION SECURITY CODE VIOLATIONS
Date Time TG No Mbr Port/Ext FAC Dialed Digits
01/07 08:33 6 2 123 3001#12345678#
01/01 07:32 01A0301 135 3001#87654321#
01/03 14:22 3 6 124 #5551234#
12/25 16:45 88888 127 980765432112345
--------------------------------------------------------------------------
--------------------------------------------------------------------------