Avaya 03-300430 Home Security System User Manual


  Open as PDF
of 2574
 
Communication Manager Maintenance-Object Repair Procedures
1488 Maintenance Procedures for Avaya Communication Manager 3.0, Media Gateways and Servers
4. The affected login ID will be disabled as a result of detection of the security violation, unless
it is the system’s last enabled INADS-type login. The provision to disable a login ID following
detection of a security violation involving that login ID is administrable on a login ID basis.
5. Use enable login to enable a login that has been disabled, and to retire any login
security violation alarms associated with the login ID.
6. To use enable login to enable a login and/or retire alarms, use a login ID with greater
service level hierarchy permissions.
7. Access to enable login is controlled through the Administer Permissions field on the
Command Permission Categories screen. Set the Administer Permissions field to y to
access enable login.
8. The Port alarm report field identifies the port where the final invalid login attempt, involving
the alarmed login ID, was detected. Valid port values for G3i products include:
- MGR1: Dedicated Manager 1 or G3 MT (management terminal) connection
- NET-n: Network controller’s dial-up port
- INADS: Alarm receiver’s port
- PN: PN’s maintenance EIA port
- EIA: Other EIA port
Valid port values for G3r products include:
- SYSAM _LOC: Local administration port
- SYSAM _RMT: Remote administration port
- SYS_PORT: System port
- MAINT: Maintenance port
9. The Svc State alarm report field will be set to OUT if the login ID is in the disabled state as
a result of detection of a security violation involving the login ID. Once the login ID has been
enabled, the field will be set to IN.
10. The source or reason of the failed login attempts should be identified and the cause
corrected prior to re-enabling a login ID and/or retiring any alarms associated with the login
ID. The cause may be something as innocuous as the failure of Avaya services automatic
login software, to something as insidious as a hacker attempting to gain access to the
switch system management interface.
Prior to retiring an SVN alarm and enabling the associated login ID, use monitor
security-violations login to access information about the invalid login attempts that
caused the security violation. This information can be useful in determining the source of the
invalid attempts and analyzing why they occurred.
Use list logins to see status information about logins on the system. If a login has been
disabled as a result of a security violation, the status is svn-disabled.