DEFINITY ECS Release 8.2 Maintenance for R8.2csi
555-233-119 Issue 1
April 2000
Maintenance Objects
3-761LOG-SVN (Login Security Violation)
3
d. The affected login ID will be d isabled as a result of detec tion of the
security violation, unless it is the last enab led INADS type login on the
system. The provision to disable a log in ID following detec tion of a security
violation involving that login ID is ad ministrable on a login ID ba sis.
e. The enable login command is used to both enable a login that has been
disabled, and to retire any login security violation alarms assoc iated with
the login ID.
f. Use of the enable login command to enable a log in and/or retire alarms
must be executed using a login ID with greater service lev el hierarchy
permissions.
g. Access to the enable login command is c ontrolled through the
Administer Permissions field on the Command Permission
Categories form. This field (Administer Permissions) must be set to y to
access the enable log in command.
h. The Port alarm report field will set to the port where the final invalid log in
attempt, involving the alarmed login ID, was detec ted. Valid port values for
the CMC include:
MGR1 — Ded icated manager 1 or G3 manag ement terminal
connection
NET-n — Network controller d ial up port
INADS — INADS port
EPN — EPN main tenanc e EIA p ort
—EIA Other EIA port
i. The Svc State alarm report field will be set to OUT if the login ID is in the
disabled state as a result o f detection of a security vio lation involving the
login ID. Once the login I D has been enabled, the field is set to IN.
j. The source or reason of the failed login attempts sh ould be identified an d
the cause corrected prior to re-enabling a log in ID and/or retiring any
alarms associated with the log in ID. The cause may be something as
innocuous as the failure of the services automati c login software, to
something as insidious as a hac ker attempting to gain access to the
switch system management interfa ce.
The login ID associated with that alarm is displayed in the Alt Name field of the
alarm report.
Prior to retiring an SVN alarm and enabling the assoc iated login ID, the monitor
security-violations login command c an be used to acc ess information about
the invalid login attempts th at caused the security violation. This information c an
be useful in determining the source of the invalid attempts and analyzing why
they occurred.