You have accessed an older version of a Paradyne product document.

Similar documents
exchange Call Center Agent Guide

COMSPHERE 6700 SERIES NETWORK MANAGEMENT SYSTEM SNMP PROXY AGENT FEATURE

3Com exchange Call Center Agent User Guide

OPUSeries Build 19 Revenue Management Operations Manual

MODEL 7520 DSU USER S GUIDE. Document No A2-GB May 1998

V7350 Unified Messaging Suite User Guide

RemoteWare OS/2 Client

PaperClip32. Revision 2.0

VMp Technical Support Phone: Online request:

BCM 4.0 Personal Call Manager User Guide. BCM 4.0 Business Communications Manager

Nortel Networks Integrated Call Director

Solar Eclipse Scheduler. Release 9.0

Software 1.0 July AVI-SPL GETTING STARTED GUIDE. AVI-SPL PresenceVMR. MyRPCloud Portal for Administrators

First Access Express OPERATOR GUIDE

AT&T Conferencing Add-in for Microsoft Outlook

TALKBACK INTERCOM SYSTEM V-2926 OPTION BOARD

Programming Manual KX-TVA50 KX-TVA200. Voice Processing System. Model

equestionnaire User Guide

Insbridge Enterprise Rating RateManager User Guide

Programming Manual KX-TVA50 KX-TVA200. Voice Processing System. Model

Inventory Module & Wireless Device. User Quick Start Guide

Release for Microsoft Windows

Avaya Unified Messenger Client User Guide

E-FORM GETTING STARTED GUIDE THE COMPLETE ELECTRONIC TAX FORM DVD

RealTime Merchant SM (RTM) Marriott User s Guide

Programming Manual KX-TVA50 KX-TVA200. Voice Processing System. Model No.

DMR Conventional Radio. SIP Phone Application Notes

RCT Express. Administrator Training Manual. Version 4.3

Avaya MultiService Software Update Manager User Guide

FOCUS ON: DATABASE MANAGEMENT

Integrated Conference Bridge Professional

Fixed Income Clearing Corporation

Using Spectralink 84-Series Phones with Microsoft Lync Server 2010

963 User Guide. Issue 1/D 1/4/04 Part No: TC200635

KMnet Viewer. User Guide

Oracle Utilities Smart Grid Gateway Adapter Development Kit

User Manual Version

PlanetPress Search User Guide.

Call Center Management Information System CC MIS Getting Started Guide (Supervisor Interface)

AT&T Voice DNA Receptionist User Guide

SCM Express Application Manual

vbound User Guide vbound User Guide Version Revised: 10/10/2017

INTRODUCTION 1.1 ABOUT THIS GUIDE What is Mission Control. Business Online POP Mail Who this Guide is For What s in This Guide

Oracle Utilities Mobile Workforce Management

Oracle Fail Safe. Release for Microsoft Windows E

Multi-NVR Manager. Quick Start Configuration Usage

HikCentral Control Client. User Manual

Avaya Software Update Manager User Guide

Novell Identity Manager

Deploying Lookout with IBM MaaS360

Impact Attendant for Windows PC Attendant Console User s Guide For The DXP, DXP Plus and FX Series Digital Communications Systems

ACCESS SYSTEM Test System 2000 Release Notes

Schema Inspector Utility User's Guide VERSION Copyright 2015 Jade Software Corporation Limited. All rights reserved.

Aeonix Contact Center

First Data Global Gateway SM Virtual Terminal User Manual

Tivoli Management Solution for Microsoft SQL. Event Monitoring. Version 1.1

Swyx Skin Editor - User Documentation

Oracle Communications Session Delivery Manager

Full User Manual and Quick Start Guide

E-Report. User Manual

Oracle Utilities Smart Grid Gateway Adapter for Itron OpenWay

Payment Solutions MyCardRules. MyCardRules Mobile App. User Guide. Release 3.1

Scopia Management. User Guide. Version 8.2. For Solution

Virtual Communications Express Admin Guide: Call Recording

Corrigo WorkTrack Client. Windows Mobile. User s Guide

Configuration Guide for Microsoft Internet Connection Sharing

Oracle Utilities Smart Grid Gateway Adapter for Echelon

Oracle Communications Network Charging and Control. Number Portability Service Pack User's Guide Release

Quick & Simple Imaging. User Guide

Installation Guide. Tivoli Decision Support 2.0

Online Submission Tool: Packet Management

EMC ApplicationXtender Web Access

User's Manual. Access Control System. Version April 2001

SteelCentral Insights for SteelConnect Users Guide

Document Signing Certificate Getting Started Guide

FaxTalk FaxCenter Pro Version 9.0 Because your faxes are important! Copyright Thought Communications, Inc. All rights reserved worldwide. Th

SIMATIC HMI. Software RemoteOperate V2. Preface. Overview 1. Range of functions of the RemoteOperate software. Hardware and software requirements

Registering a Card and Creating an Account on

Carbonite Server Backup Portal 8.5. Administration Guide

PROMISE ARRAY MANAGEMENT ( PAM) FOR FastTrak S150 TX2plus, S150 TX4 and TX4000. User Manual. Version 1.3

ASIC-200 Version 5.0. integrated industrial control software. HMI Guide

Oracle Insurance QuickView Service Ordering User Guide. Version 8.0

BUSINESS GROUP ADMINISTRATOR. Spectrum Business Voice. Business Group Administrator. Quick Start Guide SpectrumBusiness.

Startel Soft Switch Configuration

CSSN Scanshell.Net USER GUIDE

ShoreTel User s Guide for Nokia

Allworx User s Guide. (Release 7.3)

VIP-102B IP Solutions Setup Tool Reference Manual

EMC Ionix Network Configuration Manager Version 4.1.1

MITEL. Mobile Extension. Mobile Client Handset User Guide Release 1.7

Vendor Registration and Training

RAS (Remote Administration System)

AD Summation. Administration Guide. WebBlaze

Polycom RealPresence Access Director System, Virtual Edition

Jenzabar EX 4.5. Getting Started Guide for Administrators and Users

mymmx tc Android User Guide

User Manual Customer Interaction Express 3.3 TaskFlow Editor

CentreWare DP User Guide

Residential Voice SUBSCRIBER GUIDE

1 Siebel Attachments Solution Overview

Transcription:

You have accessed an older version of a Paradyne product document. Paradyne is no longer a subsidiary of AT&T. Any reference to AT&T Paradyne is amended to read Paradyne Corporation.

Paradyne 6700-A2-GB41-10 Issue 2 July 1996 COMSPHERE 6700 Series Network Management System Security Manager Feature Supplement Printed on recycled paper

Important Regulatory Information COMSPHERE 6700 Series Network Management System Security Manager Feature Supplement 6700-A2-GB41-10 2nd Edition (July 1996) Changes and enhancements to the product and to the information herein will be documented and issued as a new release or a limited revision of this manual. A customer opinion form is provided at the front of this publication and your comments are appreciated. If the form has been removed, address comments to AT&T Paradyne Corporation, Technical Publications, 8545 126th Ave. N., P.O. Box 2826, Largo, Florida, U.S.A. 34649-2826. AT&T Paradyne may use or distribute any of the information supplied, as appropriate, without incurring any obligation whatsoever. Trademarks All products and services mentioned herein are the trademarks, service marks, registered trademarks or registered service marks of their respective owners. COPYRIGHT 1996 AT&T Paradyne Corporation. All rights reserved. Printed in U.S.A This publication is protected by federal copyright law. No part of this publication may be copied or distributed, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means, electronic, mechanical, magnetic, manual or otherwise, or disclosed to third parties without the express written permission of AT&T Paradyne Corporation, 8545 126th Avenue North, P.O. Box 2826, Largo, Florida 34649-2826. AT&T Paradyne Corporation makes no representation or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for a particular purpose. Further, AT&T Paradyne Corporation reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation of AT&T Paradyne Corporation to notify any person of such revision or changes. A

Important Regulatory Information Important Safety Instructions 1. Read and follow all warning notices and instructions marked on the product or included in the manual. 2. General purpose cables are provided with this product. Special cables, which may be required by the regulatory inspection authority for the installation site, are the responsibility of the customer. 3. When installed in the final configuration, the product must comply with the applicable Safety Standards and regulatory requirements of the country in which it is installed. If necessary, consult with the appropriate regulatory agencies and inspection authorities to ensure compliance. B

Preface Objectives and Reader Assumptions............ iii How to Use This Manual....................... iii Related Documents........................... iv Ordering Information..................... iv 1 Introduction Overview.................................... 1-1 Software Description.......................... 1-1 Customer-Supplied Equipment................. 1-4 2 Network Configuration Overview.................................... 2-1 Configuring the Network Elements.............. 2-2 Configuring a Contact List................. 2-2 Configuring a Device Group............... 2-8 Configuring the Network Alerts................. 2-14 Configuring Event Controls for Call Security........................ 2-14 Configuring System Attributes and Options....... 2-21 Setting System Options................... 2-21 Defining NMS Users..................... 2-22 Defining System Colors................... 2-23 Configuring Call Security...................... 2-24 Defining VF Passwords................... 2-24 Using Security Control.................... 2-30 i

3 Displays Overview.................................... 3-1 Event Monitor................................ 3-1 Action.................................. 3-2 Sort................................... 3-5 Include................................. 3-6 Control................................. 3-7 Info................................... 3-7 4 Reports Overview.................................... 4-1 Configuration................................ 4-1 Contact................................. 4-1 Device Groups.......................... 4-2 VF Security............................. 4-4 Event Control Priorities Report................. 4-6 Event History................................. 4-7 ii

Objectives and Reader Assumptions This supplement describes how to use the COMSPHERE 6700 Series Network Management System (NMS) Security Manager feature. It is assumed that you have a basic understanding of modems and their operation, that you are knowledgeable about data communications, that you are familiar with Windows terminology and conventions, and that you have installed and can operate the COMSPHERE 6700 Series NMS software. How to Use This Manual Chapter 1 provides an overview of the Security Manager feature. Chapter 2 provides information about the changes to configuration with the Security Manager feature. Chapter 3 provides information on changes to Displays with the Security Manager feature. Chapter 4 provides information on changes to Reports with the Security Manager feature. The Glossary provides a description of the terms pertaining to the Security Manager feature. iii

Preface Related Documents 3000-A2-GA31 3810-A2-GB91 6700-A2-GY31 COMSPHERE 3000 Series Carrier, Installation Manual COMSPHERE 3800 Series Modems, Models 3810, 3811, and 3820, User s Guide COMSPHERE 6700 Series Network Management System, User s Guide Ordering Information To order AT&T Paradyne documentation, please call 1-800-545-2354 extension 2222. To order AT&T documentation, please call 1-800-432-6600. iv

1 Overview The Security Manager feature is an enhancement to the COMSPHERE 6700 Series Network Management System (NMS) which supports the call security features of the COMSPHERE 2400 Series and COMSPHERE 3800 Series devices. The 6700 Series NMS is described in the COMSPHERE 6700 Series Network Management System User s Guide. This supplement is designed to be used in conjunction with the user s guide. The changes and additions to the basic NMS software product are described in this supplement in the same logical flow as in the user s guide, e.g., applicable chapter titles are the same in both manuals. For ease of use, repetition of information between manuals has been kept to a minimum. Therefore, it is suggested that you have the user s guide available when referencing this supplement. Software Description The Security Manager feature is designed to be used in conjunction with NMS and the call security features of the 2400 Series and 3800 Series devices. The Security Manager feature provides the following functionality enhancements to the 2400 Series and 3800 Series device call security features: A new 2400/3800 Series device alert, Access Security Alarm. This alert is generated by the device and can appear on any display that shows device alerts. New call failure status codes supported in call statistics. 1-1

Introduction Calls monitored for security violations. Additional security for login ID and time of day access verification. Creation and maintenance of a security database within each device. Download of the security database to the devices. Recording to an event history file. The Security Manager is used to perform the following functions to configure a 2400/3800 Series device for security use: Configuring security event priorities and actions. Configuring all Voice Frequency (VF) passwords used by 2400/3800 Series devices. Configuring all login IDs and passwords used by 2400/ 3800 Series devices. Configuring device security groups to link login passwords and VF passwords with selected 2400/ 3800 Series devices. Configuring 2400/3800 Series devices security options, such as prompts. Downloading of login and VF passwords to 2400/ 3800 Series devices. The following dial access procedure is an example of how the Security Manager feature works in conjunction with a 2400/ 3800 Series device: Procedure 1. A remote device is commanded to dial a local 2400/ 3800 Series device. The dial command used contains a VF password, such as ATD 530-9999W12345678, which causes the remote device to dial 5309999 and wait for a dial tone. 2. The local 2400/3800 Series device answers the call and responds with a dial tone. 1-2

Introduction 3. The remote device receives the dial tone and then dials 12345678 (the VF password). 4. The local 2400/3800 Series device verifies the VF password using Dual Tone Multi-Frequency (DTMF) tones against its internal password table. If the password is invalid, the device disconnects the line and a disconnect message is sent to the Security Manager. If the password is valid, the local 3800 Series device trains up with the remote device. 5. The VF password used contains a flag indicating whether an additional login/password sequence must be performed. If no additional sequence is required, then the local 2400/3800 Series device allows the remote device to access the Data Terminal Equipment (DTE) connection and send a connect message to the Security Manager. If an additional sequence is required: The local 2400/3800 Series device prompts the remote device (through the remote device s terminal or computer) for User ID, if this function is enabled via a device option. The remote device s user enters a login ID. The local 2400/3800 Series device receives the login ID and then prompts for a login ID password. The local 2400/3800 Series device receives the login ID password and verifies it with its internal password table. Up to five attempts to enter a password can be made, after which the local device will disconnect and send a message to the Security Manager. If the VF and DTE passwords match, you only have one attempt to enter it before the device is disconnected. 6. When the Security Manager receives a connect message containing call security information from the local 2400/3800 Series device, the call security information is added to the event history file and the VF login ID and password reported by the device are 1-3

Introduction verified. If any of the following occur, an event is registered with the Security Manager: The login ID is invalid. The password is invalid for the login ID. The login ID is not allowed to access the Security Manager at this time of day. 7. When the local 2400/3800 Series device sends a disconnect message containing call security information to the Security Manager: The call security information is added to the event history file. An internal event is generated to the Security Manager. 8. When the Security Manager generates an internal event: The event control record is checked to determine the event s priority and what action should be taken (e.g., busy out the local device, disconnect the local device, take no action, etc.). Any automatic action taken is logged to the event history file. All applications sensitive to security events will be notified and will update their displays. Customer-Supplied Equipment The following list contains recommended enhancements to your PC environment to adequately support the Security Manager feature: An 80 Mb hard disk drive, minimum. A 120 Mb hard drive is recommended. COMSPHERE 6700 NMS Software, Release 2.0.0 or greater is installed. COMSPHERE 3800 Series Firmware, Release A3.30.00 or greater is installed. 1-4

2 Overview This chapter describes several additional network elements that you must configure when you have the Security Manager feature. These elements are: Event Control VF Passwords Security Control In addition, there are changes to the following network elements for the Call Security feature: Contact List Device Groups Network Alerts System Attributes and Options When you are ready to set up security for your network, select Config from the Main Menu. A pull-down menu displays four commands used for network configuration: NetWork, Alerts, and System, plus the Call Security command which is available with the Security Manager feature (see Figure 2-1). 2-1

Figure 2-1. Configuration Menu Commands Configuring the Network Elements The Security Manager feature provides enhancements to the following network elements described in Chapter 5, Network Configuration, of the COMSPHERE 6700 Series Network Management System User s Guide: Contact List expanded to keep track of security login IDs. Device Group expanded to include device security groups. These enhancements are described in the following paragraphs. Configuring a Contact List To configure a contact list, complete the input form using the following steps: Procedure 1. Select Config from the Main Menu. 2. Choose NetWork from the Config menu. 3. Choose Contact Lists from the NetWork cascading menu. The Contact List Configuration input form (Figure 2-2) displays. 2-2

Figure 2-2. Contact List Configuration Input Form 4. Enter the requested data into the fields on the Contact List Configuration input form. 5. Choose Save or one of the other commands from the Action menu (see Table 2-1). 2-3

Table 2-1. Action Commands (Contact List) (1 of 2) Action Commands Functions Procedures Save Clear Delete Change Contact Name Set Access Time Default Print Stores the contents of the input form to the network database. Use this command for updating or adding device security groups to the database. Removes the current field entries of the input form without affecting the network database. Removes the security group name from the network database. Changes the contact name throughout the network database. Resets the access time default values to those that are currently displayed. Prints the contact list information currently displayed. If Show Passwords is checked, then the password(s) for the contact name is printed. 1. Complete the input form. 2. Choose Save. 1. Choose Clear. 1. Access an existing security group name on the input form. 2. Choose Delete. 1. Access an existing contact list. 2. Choose Change Contact Name. 3. Enter the new contact name in the dialog box. 4. Choose OK. 1. Access an existing contact name on the input form. 2. Change the access times. 3. Choose Set Access Time Default. 1. Access an existing name on the input form. 2. Choose Print, or 1. Complete the input form. 2. Choose Save. 3. Choose Print. 2-4

Table 2-1. Action Commands (Contact List) (2 of 2) Action Commands Print All Show Passwords Functions Prints the contact information currently stored in the database. If Show Passwords is checked, then the password(s) for the contact name is printed. Permits the display and/or printing of passwords associated with the contact name. Procedures 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. Select or deselect Show Passwords. A check mark indicates that the option is enabled. In addition to the Contact Name, Address, Telephone, and Comments fields, the Security Manager feature provides the following additional fields: Login ID An optional field (eight characters) that contains the alphanumeric characters (required if the device option is enabled). The login ID must be unique. Entry of a login ID enables the Login Password and Access Times fields, as well as the Security Group/# Passwords list box. Login Password A required field that contains the password required for you to log in to the Security Manager. These characters are displayed as asterisks (***) unless you have selected Show Passwords from the Action menu. If you wish NMS to generate the login password, choose Generate from the Configuration Contact List menu bar to automatically generate a random, 6-character password. 2-5

Access Times A control used to indicate when the user owning the login ID and password entered is permitted to access the 6700 network. The control shows seven days divided into 24-hour periods. Boxes displayed in light gray indicate that the user who has logged in cannot access the network during those times ( off condition) without causing an Invalid Access Time security event. Times appearing in black indicate an on condition, meaning the user is permitted to access the network during those times. The default value for all times is off. To change the valid access times, do one of the following: Click on each box individually (or press the Spacebar) to toggle the condition setting. Select a group of time boxes by dragging the mouse to enclose boxes in a selection rectangle (or use the Arrow keys). The box you start dragging from determines the on/off condition of the other boxes selected. Clicking the mouse on the selected boxes (or pressing the Spacebar) sets their condition to the opposite of the setting for the time box in the upper left corner within the rectangle. Click on a day of the week name (or press the Spacebar) to set the condition for the entire day to the condition selected for the 00 hour. Choose Set Access Time Default from the Action menu to reset the access time default values to those that you have just set on the screen. Security Group/# Passwords This list box displays all security groups with which the contact is associated. Also shown are the number of passwords associated with each security group. To change the security groups listed in this box, select the Security Groups button. The window shown in Figure 2-3 displays. 2-6

Figure 2-3. Security Group Selections Window To add a security group to the Selected Groups list box: Procedure 1. Select the group from the All Security Groups list box. 2. Choose the Add button. 3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is added to the Selected Groups list box and is removed from the All Security Groups list box, and appears on the Contact List input form (Figure 2-2). 4. Choose Save to save your selection. 2-7

To remove a security group from the Selected Groups list box: Procedure 1. Select the group from the Selected Groups list box. 2. Choose the Remove button. 3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is removed from the Selected Groups list box and appears in the All Security Groups list box and on the Contact List input form (Figure 2-2). 4. Choose Save to save your selection. Configuring a Device Group A device group is a user-defined category that identifies a set of devices. The Device Groups command allows you to create, change, delete, or print device group configuration information. The Security Manager feature expands this function to provide the logical link between a group of devices and a list of security passwords. Using the device security group makes it easier to configure more than one device with exactly the same set of passwords and security options. NOTE: A device can be a member of only one security group at any one time. To create or change device group configuration, complete the Device Groups Configuration input form (Figure 2-4) by entering information in the appropriate fields. Use the commands from the Action menu to complete configuration. Use the Download menu to download all passwords and security modes assigned to the group name to the devices. If specific devices are selected, then the download only affects these devices. If no devices are selected, then the download affects the all of the devices in the group. 2-8

Figure 2-4. Device Groups Configuration Input Form To configure a device group, complete the input form by using the following steps: Procedure 1. Select Config from the Main Menu. 2. Choose NetWork from the Config menu. 3. Choose Device Groups from the NetWork cascading menu. The Device Groups Configuration input form (Figure 2-4) displays. 4. Enter the information requested into the form. 2-9

In addition to the fields listed to configure a device group, use the following procedure to complete the Device Groups Configuration input form when configuring a device security group (refer to the COMSPHERE 6700 Series Network Management System User s Guide for more information about device groups): Procedure 1. If the group listed in the Group Name field is a security group, place a check in this box. This enables the Security Passwords in Group box, the Answer Security Mode list box, the Auto Dialer Security box, and the Reporting Modes list box, as well as the Download menu item. 2. Choose Show Passwords from the Action menu if you want passwords to be displayed and/or printed. 3. View the Security Passwords in Group box to see the list of all VF (shown in italics) and DTE password names associated with the security group. This includes the maximum number of passwords that can be associated with this security group (standalone devices can have a maximum of 20 passwords, carrier devices can have a maximum of 3000 passwords). Two bold entries listed in the same line indicate that the VF and DTE passwords match. To add or remove passwords in this list, choose Passwords. The Select Groups Passwords window displays (Figure 2-5). 4. To add VF and/or DTE passwords to the selected passwords list, select the appropriate VF/DTE passwords and choose Add. To remove passwords from the selected passwords list, select the appropriate VF/DTE passwords and choose Remove. If the VF and DTE passwords match, both entries must be selected. In either case, choosing OK confirms your selection, while choosing Cancel closes the selection dialog box without making any changes. 2-10

Figure 2-5. Select Group Passwords Window 5. To control which passwords will be required by the devices in the security group when an incoming call is answered, use the Answer Security Mode drop-down list box. Disabled indicates that inbound security is disabled. DTE Only indicates that the modem requires the call originator to provide a DTE login password. VF and DTE indicates that both VF and DTE passwords are required by the devices in the security group. VF with Matching DTE indicates that a specific VF will always require a specific DTE. The entries cannot be mismatched. When VF with matching DTE is in effect, you must select a VF entry and its matching DTE entry from the All Available Password list boxes and add them to the Selected Passwords list box. Both entries will be displayed on the same line in bold in the Selected Passwords and Security Passwords in Group list boxes. The appropriate device option must be enabled before the device will prompt the user for a login ID. 2-11

6. To control access to the dialers for all devices in the security group, use the Auto Dialer Security box. If enabled, the modem requires the call originator to issue a special command to enable the dial command to enable the dial command before this command can be issued. If disabled, dial commands can be issued without restriction. 7. To have failed calls reported to the Security Manager, check the Call Failure box (this is the default). 8. To have successful calls reported to the Security Manager, check the Call Success box (this is the default). 9. Choose Save or one of the other commands from the Action menu (see Table 2-2). 10. Choose Download from the Device Groups menu bar to download all passwords and/or security modes assigned to the security group identified in the Group Name field. To download to selected devices in a security group, select those devices from the Devices in Group box. To download to all devices in the security group, do not select any specific devices. The download is limited to those devices in the security group with the security feature installed. NOTE: A download busies-out all selected devices that are currently idle. All devices that are connected at the time that a download is requested are downloaded without interrupting primary data. The busy-out condition is removed after the download is completed. 2-12

Table 2-2. Action Commands (Device Security Groups) (1 of 2) Action Commands Functions Procedures Save Delete Change Print Stores the contents of the input form to the network database. Use this command for updating or adding device security groups to the database. Removes the security group name from the network database. Changes the security group name throughout the network database. Prints the security group information currently displayed. If Show Passwords is checked, then the password(s) for the security group name is printed. 1. Complete the input form. 2. Choose Save. 1. Access an existing security group name on the input form. 2. Choose Delete. 1. Access an existing security group name on the input form. 2. Choose Change. 3. Enter the new security group name in the dialog box. 4. Choose OK. 1. Access an existing name on the input form. 2. Choose Print, or 1. Complete the input form. 2. Choose Save. 3. Choose Print. 2-13

Table 2-2. Action Commands (Device Security Groups) (2 of 2) Action Commands Print All Show Passwords Functions Prints the security group information currently stored in the database. If Show Passwords is checked, then the password(s) for the security groups are printed. Permits the display and/or printing of passwords associated with security groups. Procedures 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. Select or deselect Show Passwords. A check mark indicates that the option is enabled. Configuring the Network Alerts To define the device alerts and security events that the network will monitor, select Config from the Main Menu and then Choose Alerts and Events. The Security Manager feature adds the new device alert Access Security to the existing alert controls for device and model. This alert indicates that a user has successfully logged into the Security feature of a device by using its front panel. This alert can only be cleared by the user. In addition, the Event Controls Call Security function is added. Configuring Event Controls for Call Security The event control function enables you to control what actions are initiated by the Security Manager and the priority level assigned to the call security events. Table 2-3 describes each security event and their default values. 2-14

Table 2-3. Call Security Event Descriptions (1 of 5) Event Description Event Definition Event Source Event Duration Event Priority Auto Actions VF Login OK A remote user has gained access using a valid node password. Modem Duration No Event None User Login OK A remote user has gained access using a valid security password. Modem Duration No Event None User Login Rejected: 3 Retries Failed User Login Rejected: Password Time Out A remote user has attempted access and did not enter a valid security password in three attempts. A remote user has attempted access but did not enter a security password before the time-out period expired. Modem Duration Minor None Modem Duration Minor None 2-15

Table 2-3. Call Security Event Descriptions (2 of 5) Event Description Event Definition Event Source Event Duration Event Priority Auto Actions User Login Aborted: Line Disconnected VF Login Rejected: Password Invalid VF Login Rejected: Password Time Out VF Login Aborted: Line Disconnected A remote user has attempted access but the connection was dropped before the user entered a security password. A remote user has attempted access using an invalid node password. A remote user has attempted access but did not enter a node password before the time-out period expired. A remote user as attempted access but the connection was dropped before the user entered a node password. Modem Duration Major None Modem Duration Major None Modem Duration Minor None Modem Duration Major None 2-16

Table 2-3. Call Security Event Descriptions (3 of 5) Event Description Event Definition Event Source Event Duration Event Priority Auto Actions User Login OK: Multiple Password Retries A remote user has gained access using a valid security password, but multiple attempts were required to enter a valid password. Security Manager Duration Major None Login ID and Password Combination Invalid A remote user has gained access using a valid security password, but the valid login ID entered is not valid for the security password entered. Security Manager Duration Critical Disconnect Invalid Login ID, Password Valid for Device A remote user has gained access using a valid security password, but the login ID entered is not valid. Security Manager Duration Critical Disconnect 2-17

Table 2-3. Call Security Event Descriptions (4 of 5) Event Description Event Definition Event Source Event Duration Event Priority Auto Actions Invalid Access Time A remote user has gained access using a valid security password, but the access time is not valid. Security Manager Duration Critical Disconnect User Login Hack. Multiple Sequential Password Retries A remote user has gained access using a valid security password, but to do so required entry of multiple passwords each separated by a numeric value of one. Security Manager Until Cleared by Operator Critical Busy Out Device Security Table Invalid The security password table maintained by the device is invalid and must be downloaded. Security Manager Duration Critical None Security Download in Progress The security password table for the device indicated is being downloaded. Security Manager Duration Minor None 2-18

Table 2-3. Call Security Event Descriptions (5 of 5) Event Description Event Definition Event Source Event Duration Event Priority Auto Actions Security Download Failed The security password download has failed. The system has tried to perform the download three times prior to this event. Security Manager Until Download Started or Device Deleted Critical Reset & Busy Out Front Panel Modification A user has made changes to the modem security via the front panel. Modem Duration Critical None Make Busy Mode The device is currently busied out. This may have been done by the Security Manager. Device Duration As per Alert Controls None To change the security event default values, use the following procedure: Procedure 1. Select Config from the Main Menu. 2. Choose Alerts and Events from the Config menu. 3. Choose Event Controls Call Security from the Alerts and Events cascading menu. The Event Controls Call Security window displays (Figure 2-6). 2-19

4. Select the priority (Critical, Major, Minor, or No Event) for each event. Your selection determines sort order and differentiates the severity of the event by color. 5. Select the automatic action to be taken by the Security Manager. Table 2-4 lists the auto actions available. 6. Choose Save or one of the other commands from the Action menu. Action commands for events are the same as those for alerts. Refer to the COMSPHERE 6700 Series Network Management System User s Guide. Figure 2-6. Event Controls Call Security Window 2-20

Table 2-4. Event Control Security Manager Auto Actions Auto Action Busy Out Download Disconnect Ignore None Reset Description The Security Manager commands the reporting device to disconnect the telephone connection, then go into a busy out state. The device is busied out and its security table is downloaded. Only valid for the Device Security Table Invalid event. The Security Manager commands the reporting device to disconnect the telephone connection. The event will be ignored by the NMS. The Security Manager will take no automatic action. The device is busied out and all of its security table assignments are cleared. Configuring System Attributes and Options To configure the system attributes and options,choose Config from the Main Menu and then Choose System. This menu allows you to define the operational criteria for NMS. The Security Manager feature provides the additional operation criterion, Collect Event History. The Collect Event History system option enables you to control the purging of the call event history. Setting System Options The new System Options input form is shown in Figure 2-7. 2-21

Figure 2-7. System Options Input Form Select the check box to the left of the Collect Event History field, then make your selection in the number range field: Collect Event History Select the check box if you want NMS to record all security events in an event history file. The event history can then be displayed or printed via the Event History Report. Use the number range field to select the number of days to keep active history records (Default = 30 days). Defining NMS Users User Profile commands allow you to define the NMS users and their system privileges. A user who has the User Profile privilege can assign or change User IDs, passwords, and system privileges for all other users on NMS. The Security Manager provides an additional privilege, Call Security. Users without the User Profile privilege can change only their own User ID, password, and comments. 2-22

The new User Profile Configuration input form is shown in Figure 2-8. Figure 2-8. User Profile Configuration Input Form Select the check box next to the Call Security field. Call Security A Security Manager privilege that allows you to change NMS call security parameters and to cause these changes to occur in devices. If the check box is not selected, you are limited to displaying call security information; you cannot change it. Defining System Colors The Security Manager feature adds a new color group for security events. System colors are used to distinguish event priorities. The default colors are listed in Table 2-5. 2-23

Table 2-5. Event Priorities System Colors Group Color Group Elements Default Colors Events Configuring Call Security Call Security enables you to define VF Passwords and to control the operation of the NMS security features. Defining VF Passwords You can require that the COMSPHERE 2400 Series and 3800 Series devices receive a valid password before training. This is a VF password which is a series of DTMF signals, generated by either a telephone or by adding a password to the end of a dial command to the calling modem. A device uses this VF password to verify that the remote calling device is permitted access. To create VF passwords, complete the Call Security VF Passwords input form and use the Action commands (Table 2-6). 2-24

Table 2-6. Action Commands (VF Passwords) (1 of 2) Action Commands Functions Procedures Save Delete Clear Change VF Password Name Stores the contents of the input form to the network database. Use this command for updating or adding VF password names to the database. Removes the VF Password name and all associations from the network database. Removes the current field entries of the input form without affecting the network database. Changes the VF Password name throughout the network database. 1. Complete the input form. 2. Choose Save. 1. Access an existing VF Password name on the input form. 2. Choose Delete. 1. Choose Clear. 1. Access an existing VF Password name on the input form. 2. Choose Change. 3. Enter the new VF Password name in the dialog box. 4. Choose OK. Print Prints the VF Password name information currently displayed. If Show Passwords is checked, then the password(s) for the VF Password name is printed. 1. Access an existing name on the input form. 2. Choose Print, or 1. Complete the input form. 2. Choose Save. 3. Choose Print. 2-25

Table 2-6. Action Commands (VF Passwords) (2 of 2) Action Commands Print All Show Passwords Functions Prints the VF Password information currently displayed. If Show Passwords is checked, then the password(s) for the VF Password name is printed. Permits the display and/or printing of passwords associated with VF Password names. Procedures 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. Select or deselect Show Passwords. A check mark indicates that the option is enabled. To define VF Passwords, perform the following steps: Procedure 1. Select Config from the Main Menu. 2. Choose Call Security from the Config menu. 3. Choose VF Passwords from the Call Security menu. The VF Passwords input form displays (Figure 2-9). 2-26

Figure 2-9. VF Passwords Input Form 4. Enter the following information in the fields on the VF Passwords input form by either: Using the selection list button to the right of the field to access existing field entries, or Typing the information in the field, then pressing Tab. For the VF Password field only, you can choose Generate from the VF Passwords menu to automatically generate an 8-digit password. VF Name A label (eight characters maximum) that is unique to the network and used to identify the VF Password. VF Password A password (eight digits maximum) that is unique to the network and used to allow the remote device to gain access to the training sequence of a local device. 2-27

Comments An optional field for additional VF Password name information (maximum 40 characters). Access Type An optional field that indicates any additional security that is necessary when the VF Password is used. Select one of the following: VF Only Select this option to require only the VF password from the remote device to gain access to the DTE side of the local device. User Login Select this option to require a valid security login password from the remote device in addition to the VF password to gain access to the DTE side of the local device. The list of security groups associated with the VF password, along with the number of VF and login passwords assigned to each group, displays in the lower portion of the VF Passwords input form (Figure 2-9). 5. To add or remove devices from the list of selected security groups displayed, choose the Security Groups button. The Security Group Selections window displays (Figure 2-10). 6. Select the desired security group, then choose either Add or Remove. Choose OK to change the list of selected security groups displayed on the VF Passwords input form (Figure 2-9). 2-28

Figure 2-10. Security Group Selections Window To add a security group to the Selected Groups list box: Procedure 1. Select the group from the All Security Groups list box. 2. Choose the Add button. 3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is added to the Selected Groups list box and is removed from the All Security Groups list box, and appears on the Contact List input form (Figure 2-2). 4. Choose Save to save your selection. 2-29

To remove a security group from the Selected Groups list box: Procedure 1. Select the group from the Selected Groups list box. 2. Choose the Remove button. 3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is removed from the Selected Groups list box and appears in the All Security Groups list box and on the Contact List input form (Figure 2-2). 4. Choose Save to save your selection. Using Security Control Security Control allows you to perform the following functions: Reset the security table Display and change security prompt strings Download the security table Display and change the administrative password To use Security Control, perform the following steps: Procedure 1. Select Config from the Main Menu. 2. Choose Call Security from the Config menu. 3. Choose Control from the Call Security menu. The Security Control menu items are visible in the menu bar. The following is a list of the Security Control menu commands with a brief description of each. Command Allows you to execute commands to control the operation of security functions for NMS. 2-30

Option Enables you to control the display of passwords and to request the display of a confirmation box. Window Allows for changing the method of displaying windows opened from the Security Control window or closing all the windows opened from the current Security Control window. Print Prints the current Security Control window and all windows opened from it. Command Select Command from the Security Control menu bar and the Command pull-down menu (Figure 2-11) displays. Use Command to control the security functions available through the Security Manager feature. These commands only apply to devices in security groups with the Security feature installed. Figure 2-11. Command Menu! CAUTION: If the device requires password access, resetting its security password table prevents incoming calls to that device and resets the administrative password to its system default value. 2-31

Reset Security Table Choose Reset Security Table from the Command pull-down menu to clear the security password table for one or more devices. The Reset Security Table window (Figure 2-12) displays the names of all the devices selected for the Reset Security Table command (default is global selection list). Choose Devices to select different devices to appear on the list. Choose Execute to reset the security table for each device in the selection list. Figure 2-12. Reset Security Table Window Security Prompt Strings Choose Security Prompt Strings from the Command pull-down menu to display and/or change prompts and messages related to the login ID and password access for selected devices. The Security Prompt Strings window (Figure 2-13) displays security prompt strings for selected devices. 2-32

Figure 2-13. Security Prompt Strings Window Device List The device names selected to receive the new security prompt strings. ID Prompt Used to query for the user s login ID (32 characters maximum). Password Prompt Used to query for the user s login password (32 characters maximum). Verifying Message The message to be displayed while the device is verifying the login password (32 characters maximum). Access Granted Message The message displayed when the user is granted access to the device s DTE connection (32 characters maximum). 2-33

To change the devices selected as displayed in the Device List box, choose Devices, then make your selection from the displayed dialog box. To read the security prompts from the selected device(s) and display these values on the Security Prompt Strings window, select a device from the Device List box and choose Display. To change the security prompts for the selected device(s) to the values displayed on the Security Prompt Strings window, select device(s) from the Device List box and choose Change. NOTE: When entering data into the ID Prompt, Password Prompt, Verifying Message, and Access Granted Message fields, be sure to include any appropriate carriage returns and line feeds. To do this, use a backslash (\) followed by the hexadecimal value for the character (0A for line feed or 0D for carriage return). For example, type 0A\0D Enter Password \0A\0D to have the prompt Enter Password appear on a line by itself. Administrative Password Choose Administrative Password from the Command pull-down menu to display and/or change the password for selected device(s). This is the password the modem requires before permitting a user to access security functions from the modem s front panel. The Administrative Password window (Figure 2-14) displays the names of all the devices selected for the new administrative password (default is global selection list). Choose Devices to select different devices to appear on the list. Choose Display to show the password for the selected device in the 8-digit Password field. Choose Change to update the password for selected device(s) to the one displayed in the Password field. 2-34

Figure 2-14. Administrative Password Window Download Security Table Choose Download Security Table from the Command pull-down menu to download the security table to one or more devices. The Download Security Table window (Figure 2-15) displays the names of all the devices selected for the Download Security Table command (default is global selection list). Choose Devices to select different devices to appear on the list. Choose Execute to download the security table for each device in the selection list. This process consists of a broadcast message to all selected devices and could take as long as several minutes. NOTE: A download busies-out all selected devices that are currently idle. All devices that are connected at the time that a download is requested are downloaded without interrupting primary data. The busy-out condition is removed after the download is completed. 2-35

Figure 2-15. Download Security Table Window Option Select Option from the Security Control menu bar and the Option pull-down menu (Figure 2-16) displays. Use Option to request a confirmation box to verify that requested changes are to be implemented and to control the display of passwords. Figure 2-16. Option Menu 2-36

Confirmation Choose Confirmation from the Option menu to request that a confirmation box be shown before any changes are made to a device. A check mark next to Confirmation indicates that the box is enabled. This is a toggle function. Show Password Choose Show Password from the Option menu to allow the display of passwords. A check mark next to Show Passwords indicates that the display of passwords is allowed. This is a toggle function. Window Choose Window from the Security Control menu bar to change how Security Control windows are displayed or to close all the open Security Control windows. Choosing Window causes a drop-down menu (Figure 2-17) to display listing the commands Tile, Cascade, Arrange Icons, and Close All. The Window commands only affect the windows or icons opened from the same Security Control window. If two or more Security Control windows are open, the Window commands only operate on the windows opened from the current Security Control window. The windows opened from the current Security Control window are listed below the last command. A check mark indicates the active window. To change the active window, select the window name from the list. Figure 2-17. Window Drop-Down Menu 2-37

Tile Choose Tile from the pull-down menu to have the windows arranged in a side-by-side manner. This allows viewing of several windows simultaneously (side-by-side) with the disadvantage that each window is smaller than if they were displayed on top of each other. Figure 2-18 shows three Security Control windows displayed in the tile fashion. Figure 2-18. Tile Method of Displaying Windows Cascade Choose Cascade from the pull-down menu to have windows arranged in a stacked fashion while allowing the upper and left side of each window to remain in view. This permits viewing of the primary window, in a larger size than Tile, and makes changing from one window to another easier than if they were displayed directly on top of each other. Figure 2-19 shows three Security Control windows displayed in the cascade fashion. 2-38

Figure 2-19. Cascade Method of Displaying Windows Print Arrange Icons Choose Arrange Icons from the pull-down menu to display any icons along the lower portion of the window. Close All Choose Close All from the pull-down menu to close all the windows called from the current Security Control menu. Choose Print from the Security Control menu to print the current Security Control window and all windows opened from it. See the COMSPHERE 6700 Series Network Management System User s Guide for additional information on using printers. 2-39

3 Overview This chapter describes the Event Monitor command that is provided by the Security Manager feature. This command is accessed from the Displays menu and is an additional way to monitor the condition of your network. Event Monitor Event Monitor commands allow you to view all the current events related to call security. The displayed events can be sorted by security ID, device name, event time, or event description. From the Event Monitor window, you can control displayed events, display security control or information windows, and limit the events displayed by priority level. Select Event Monitor from the Displays pull-down menu. The Event Monitor window (Figure 3-1) displays with the menus Action, Sort By, Include, Control, Info and a listing of the current events reported by the Security Manager. Each listing uses five fields of information containing the security ID, device name, event time, event description, and automatic action taken. 3-1

Displays Figure 3-1. Event Monitor Window Action Select Action from the Event Monitor menu bar to access the Action pull-down menu (Figure 3-2). The Action menu is inactive (gray) unless an event is selected. Use the Action pull-down menu commands to perform the following functions: Reset Security Table Clear Event Disconnect Device Busy Out Device Download Security Table Confirmation Required 3-2

Displays Figure 3-2. Action Pull-Down Menu Reset Security Table Choose Reset Security Table from the Action pull-down menu to reset the security table in the selected device, then cause the device to be busied-out. The device s security table is cleared, preventing dial-in access when the device is configured to require password verification. This creates a security event, indicating to the Security Manager that the device requires a security table download. If you do not have security privileges, this menu item is inactive (gray). Clear Event Choose Clear Event from the Action pull-down menu to delete the selected events from the Event Monitor window. If you do not have security privileges, this menu item is inactive (gray). 3-3

Displays Disconnect Device Choose Disconnect Device from the Action pull-down menu to command the device to disconnect the telephone connection. The selected event is removed from the Event Monitor window. If you do not have security privileges, this menu item is inactive (gray). Busy Out/Remove Busy Out Device Choose Busy Out Device from the Action pull-down menu to either busy out the device or choose Remove Busy Out to remove this condition. If you do not have security privileges, this menu item is inactive (gray). Download Security Table Choose Download Security Table from the Action pull-down menu to busy out the device, then download a security table. You must select a Device Security Table Invalid event to enable this command. If you do not have security privileges, this menu item is inactive (gray). NOTE: A download busies-out all selected devices that are currently idle. All devices that are connected at the time that a download is requested are downloaded without interrupting primary data. The busy-out condition is removed after the download is completed. Confirmation Required Choose Confirmation Required from the Action pull-down menu to request a that confirmation box display for all Action menu commands. A check mark displays next to this menu item when the confirmation box is enabled. 3-4

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback