Instruction manual
Detecting toll fraud
Issue 9 May 2003
5-59
Security violation notification
(Communication Manager, MultiVantage
Software, DEFINITY ECS and DEFINITY G3)
For Communication Manager, MultiVantage™ Software, DEFINITY ECS and
DEFINITY G3, the Security Violation Notification feature (SVN) provides the
capability to immediately detect a possible breach of the System Management,
Remote Access, or Authorization Code features; and to notify a designated
destination upon detection. It is intended to detect Generic 3 Management
Terminal (G3-MT) or Generic 3 Management Application (G3-MA) login failures
through the INADS port, based on customer-administrable thresholds. Once an
SVN threshold is reached, (for a system management login, a remote access
barrier code, and, for DEFINITY G3V3 and later, an authorization code), the
system initiates a referral call to an assigned referral destination.
For systems earlier than DEFINITY G3V3, the referral destination must be an
attendant console or station equipped with a display module. For DEFINITY G3V3
and later, the referral destination can be any station, if an announcement has
been administered and recorded. Also for G3V3 and later releases, the SVN
Referral Call with Announcement option provides a recorded message identifying
the type of violation accompanying the SVN referral call, such as login violation,
remote access violation, or authorization code violation. Using call forwarding, call
coverage, or call vector Time of Day routing, SVN calls with announcements can
terminate to any point on or off the switch. The SVN feature also provides an audit
trail about each attempt to access the switch using an invalid login, remote access
or (G3V3 and later) authorization code.
The SVN time interval selected, in conjunction with the threshold, specifies when
a referral call occurs. For example, if the barrier code threshold is set to 10 with a
time interval of two minutes, a referral call occurs whenever 10 or more invalid
barrier codes are entered within two minutes.
The advantage of the SVN feature is that it notifies the user of the problem as it
occurs so that there is an opportunity to interrupt unauthorized calls before
charges are incurred, as well as a chance to apprehend the violator during the
attempted violation. The
monitor security-violations command displays the
login activity in real-time on either remote access or system management ports.
Information about invalid system management login attempts and remote access
attempts (and, for G3V3 or later), invalid authorization code attempts) is collected
at two levels:
■ On an immediate basis, when an invalid login attempt is made, for systems
earlier than DEFINITY G3V3, the SVN feature can send a priority call to
either an attendant console or a station equipped with a display module.
For DEFINITY G3V3 and later, the SVN feature can send to any station if
an announcement has been administered and recorded. When notified, the
security administrator can request the Security Violations Status report,
which shows details of the last 16 security violations of each type for
Communication Manager, MultiVantage™ Software, DEFINITY ECS and
DEFINITY G3.