DEFINITY ECS Release 8.2
Administrator’s Guide
555-233-506 Issue 1
April 2000
Features and technical reference
Security violations notification
Invalid attempts accumulate at different rates in the various security arenas (login,
authorization code, remote access, and station security code), depending on
feature usage and the number of users on a server. For this reason, you administer
thresholds separately for each type of violation.
Sequence of events
The following sequence of events occurs when SVN is enabled and
detects a security violation:
1. SVN parameters are exceeded (the number of invalid attempts permitted in
a specified time interval is exceeded).
2. An SVN referral call (with announcements, if assigned) is placed to a
designated point, and SVN provides an audit trail containing information
about each attempt to access the switch.
3. SVN disables a login ID or Remote Access following the security
violation.
4. The login ID or Remote Access remains disabled until re-enabled by an
authorized login ID, with the correct permissions.
Reporting
The system reports information about security violations in the following ways:
In real time — you can use the monitor security-violations command to
monitor security violations as they may be occurring. Enter this command,
followed by the type of security violation you want to monitor (logins,
remote-access, authorization-codes, or station-security-codes).
On an immediate basis — when a security violation occurs, the system
sends a priority call to a designated referral point (attendant console or
phone). Thus, there is some chance of apprehending the violator during the
attempted violation.
Upon notification, you can request the Security Violations Status Reports,
which show details of the last 16 security violations of each type. The
Barrier Code and Authorization Code reports also include the calling party
number from which the attempt was made, where available.
On a historical basis — the number of security violations of each type, as
well as other security measurements, are collected and displayed in the
Security Violations Summary and Detail reports. These reports show
summary information since the counters were reset by the clear
measurements security-violations command or since system
initialization. They do not show all aspects of the individual security
violations.
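
The sequence of events and the 16-entry status history described above, modeled as an added Python example (not code from the guide or from the switch software). The class and method names, the threshold values, and the choice to raise a violation once the count inside the interval goes above the permitted number are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed thresholds: (invalid attempts permitted, interval in seconds).
# Values are illustrative; the guide only says each type is set separately.
THRESHOLDS = {
    "login": (3, 60),
    "remote-access": (5, 120),
    "authorization-code": (10, 300),
    "station-security-code": (10, 300),
}
# Per the sequence above, only a login ID or Remote Access gets disabled.
DISABLE_ON_VIOLATION = {"login", "remote-access"}
STATUS_DEPTH = 16  # Status Reports keep the last 16 violations of each type


class SvnModel:
    def __init__(self, thresholds=THRESHOLDS):
        self.thresholds = thresholds
        self.attempts = defaultdict(deque)   # (kind, target) -> attempt times
        self.status = defaultdict(lambda: deque(maxlen=STATUS_DEPTH))
        self.disabled = set()                # (kind, target) awaiting re-enable
        self.referrals = []                  # stand-in for the referral call

    def invalid_attempt(self, kind, target, now, caller=None):
        """Record one invalid attempt; return True if it raises a violation."""
        permitted, interval = self.thresholds[kind]
        window = self.attempts[(kind, target)]
        window.append(now)
        while window and now - window[0] > interval:
            window.popleft()                 # drop attempts outside the interval
        if len(window) <= permitted:
            return False
        window.clear()                       # start counting afresh
        record = {"time": now, "target": target, "caller": caller}
        self.status[kind].append(record)     # audit trail, oldest entry drops off
        self.referrals.append((kind, target))
        if kind in DISABLE_ON_VIOLATION:
            self.disabled.add((kind, target))
        return True

    def is_disabled(self, kind, target):
        return (kind, target) in self.disabled

    def enable(self, kind, target, by_authorized_login):
        """Step 4: stays disabled until an authorized login re-enables it."""
        if by_authorized_login:
            self.disabled.discard((kind, target))
        return not self.is_disabled(kind, target)
```

Keeping a separate window per type is what lets a busy authorization-code population tolerate more mistakes than a handful of administrative logins without either threshold masking the other.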