
Security Violations 1

Status
Not open for further replies.

scottyjohn

Technical User
Nov 5, 2001
523
GB
Hi there,
I was wondering if there was any way of getting a more detailed report on when security violations actually occur? I've tried the "List measurements security summary and detail" but they seem just to be totals.

Can anyone suggest anything?

Thanks in advance

John
 
John

I know if you are using r9 there is a way to have your switch call an extension when a security violation occurs; however, I don't know of any other reports.

Hope this helps.

José

Please let me know if this was helpful

 
Thanks Jose,

We already have that set up to call my mobile, but other than printing off the detail report every day and comparing the failed login attempts for each available login, I can't see how to monitor where the problem lies?

Thanks for helping out.

John
 
ScottyJohn,
In order to route the call to a mobile, you must first route the call to a VDN with a vector attached containing the Mobile Number - right?

If this is the case, you could set the VDN to measured, and although you won't see which LogonID generated the violation, you will be able to report on which intervals the violations occurred in.

Hope this helps....

Paul

 
You are getting them regularly?

I have found CDR to be helpful in tracking down the problem.

Jose José

Please let me know if this was helpful

 
Thank you guys for your suggestions. What we have done is to remove all of the dead logins from the switch and cleared the security violations measurement to zero. This means that we will check this with our alarms check every morning and this will let us know immediately which login was trying to be used.

Jose, how would you go about using the CDR data to track this?

Many thanks again.

John
 
Scottyjohn,

You may be able to get more details by having a look at how they're attempting to log in - I presume you guys are using data modules or IP depending on the version. I presume they're logging on via the tracker or INADS port - if your site has the INADS port on a separate line it's not too easy to track, but if the tracker is through the switch then you can always add an analogue bridge to your station to get a visible indication of when anyone tries to access the tracker, and use CDR to try and capture any ANI (however, I doubt there will be any).

Hope this helps,

Chris
 
scottyjohn,
You definitely have an option available in Definity to trace out the reports. What you can do is first administer the extensions in "ch sys secu"; once done, you'll get the notification on some phone whenever the violation occurs. Apart from this, to take out a detailed list of all the violations you can issue "monitor security login/auth/remo" to see each and every possible detail on it...
I am using this feature with my switch and this works perfectly.

Hope this helps, let me know... :)
 
Thanks Definity and all,
The monitor feature gives me all the detail I was looking for!

Cheers

John

LOL
 