6700 SERIES NETWORK
MANAGEMENT SYSTEM
SECURITY MANAGER FEATURE
SUPPLEMENT
Document No. 6700-A2-GB41-30
Notice
This publication is protected by federal copyright law. No part of this publication may be copied or distributed, transmitted, transcribed, stored in a retrieval system, or translated into any human or computer language in any form or by any means, electronic, mechanical, magnetic, manual or otherwise, or disclosed to third parties without the express written permission of Paradyne Corporation, 8545 126th Ave. N., Largo, FL 33773.
Paradyne Corporation makes no representation or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for a particular purpose. Further, Paradyne Corporation reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation of Paradyne Corporation to notify any person of such revision or changes.
Changes and enhancements to the product and to the information herein will be documented and issued as a new release to this manual.
About This Guide
  Document Purpose and Intended Audience
  Document Summary
  Product-Related Documents
1 Introduction
  Overview
  Software Description
  Customer-Supplied Equipment
2 Network Configuration
  Overview
  Configuring the Network Elements
  Configuring a Contact List
  Configuring a Device Group
  Configuring the Network Alerts
  Configuring Event Controls for Call Security
  Configuring System Attributes and Options
  Setting System Options
  Defining NMS Users
  Defining System Colors
  Configuring Call Security
  Defining VF Passwords
  Using Security Control
  Command
  Option
  Window
3 Displays
  Overview
  Event Monitor
  Action
  Reset Security Table
  Clear Event
  Disconnect Device
  Busy Out/Remove Busy Out Device
  Download Security Table
  Confirmation Required
  Sort
  Security Name
  Device Name
  Event Time
  Event Priority
  Include
  Control
  Info
4 Reports
  Overview
  Configuration
  Contact
  Device Groups
  VF Security
  Event Control Priorities Report
  Event History
Document Purpose and Intended Audience
This supplement describes how to use the COMSPHERE 6700 Series Network Management System (NMS) Security Manager feature.
It is assumed that you have a basic understanding of modems and their operation, that you are knowledgeable about data communications, that you are familiar with Windows terminology and conventions, and that you have installed and can operate the COMSPHERE 6700 Series NMS software.
Document Summary
| Section | Description |
|---|---|
| Chapter 1 | Introduction. Provides an overview of the Security Manager feature. |
| Chapter 2 | Network Configuration. Provides information about the changes to configuration with the Security Manager feature. |
| Chapter 3 | Displays. Provides information on changes to Displays with the Security Manager feature. |
| Chapter 4 | Reports. Provides information on changes to Reports with the Security Manager feature. |
| Glossary | Defines acronyms and terms used in this document. |
Product-Related Documents
| Document Number | Document Title |
|---|---|
| 3000-A2-GA31 | COMSPHERE 3000 Series Carrier, Installation Manual |
| 3810-A2-GB30 | COMSPHERE 3800 Series Modems, Models 3810, 3811, and 3820, User’s Guide |
| 6700-A2-GY31 | COMSPHERE 6700 Series Network Management System, User’s Guide |
Contact your sales or service representative to order additional product documentation.
Paradyne documents are also available on the World Wide Web at: http://www.paradyne.com
1 Introduction
Overview
The Security Manager feature is an enhancement to the COMSPHERE 6700 Series Network Management System (NMS) which supports the call security features of the COMSPHERE 2400 Series and COMSPHERE 3800 Series devices.
The 6700 Series NMS is described in the COMSPHERE 6700 Series Network Management System User’s Guide. This supplement is designed to be used in conjunction with the User’s Guide. The changes and additions to the basic NMS software product are described in this supplement in the same logical flow as in the User’s Guide, e.g., applicable chapter titles are the same in both manuals. For ease of use, repetition of information between manuals has been kept to a minimum. Therefore, it is suggested that you have the User’s Guide available when referencing this supplement.
Software Description
The Security Manager feature is designed to be used in conjunction with NMS and the call security features of the 2400 Series and 3800 Series devices. The Security Manager feature provides the following functionality enhancements to the call security features of the 2400 Series and 3800 Series devices:
- A new 2400/3800 Series device alert, Access Security Alarm. This alert is generated by the device and can appear on any display that shows device alerts.
- New call failure status codes supported in call statistics.
- Calls monitored for security violations.
- Additional security for login ID and time of day access verification.
- Creation and maintenance of a security database within each device.
- Download of the security database to the devices.
The Security Manager is used to perform the following functions to configure a 2400/3800 Series device for security use:
- Configuring security event priorities and actions.
- Configuring all Voice Frequency (VF) passwords used by 2400/3800 Series devices.
- Configuring all login IDs and passwords used by 2400/3800 Series devices.
- Configuring device security groups to link login passwords and VF passwords with selected 2400/3800 Series devices.
- Configuring 2400/3800 Series devices’ security options, such as prompts.
- Downloading of login and VF passwords to 2400/3800 Series devices.
The following dial access procedure is an example of how the Security Manager feature works in conjunction with a 2400/3800 Series device:
1. A remote device is commanded to dial a local 2400/3800 Series device. The dial command used contains a VF password, such as ATD 530-9999W12345678, which causes the remote device to dial 5309999 and wait for a dial tone.
2. The local 2400/3800 Series device answers the call and responds with a dial tone.
3. The remote device receives the dial tone and then dials 12345678 (the VF password).
4. The local 2400/3800 Series device verifies the VF password using Dual Tone Multi-Frequency (DTMF) tones against its internal password table. If the password is invalid, the device disconnects the line and a disconnect message is sent to the Security Manager. If the password is valid, the local 3800 Series device trains up with the remote device.
5. The VF password used contains a flag indicating whether an additional login/password sequence must be performed. If no additional sequence is required, then the local 2400/3800 Series device allows the remote device to access the Data Terminal Equipment (DTE) connection and sends a connect message to the Security Manager. If an additional sequence is required:
— The local 2400/3800 Series device prompts the remote device (through the remote device’s terminal or computer) for User ID, if this function is enabled via a device option.
— The remote device’s user enters a login ID.
— The local 2400/3800 Series device receives the login ID password and verifies it with its internal password table. Up to five attempts to enter a password can be made, after which the local device will disconnect and send a message to the Security Manager. If the VF and DTE passwords match, you only have one attempt to enter it before the device is disconnected.
6. When the Security Manager receives a connect message containing call security information from the local 2400/3800 Series device, the call security information is added to the event history file and the VF login ID and password reported by the device are verified. If any of the following occur, an event is registered with the Security Manager:
— The login ID is invalid.
— The password is invalid for the login ID.
— The login ID is not allowed to access the Security Manager at this time of day.
7. When the local 2400/3800 Series device sends a disconnect message containing call security information to the Security Manager:
— The call security information is added to the event history file.
— An internal event is generated to the Security Manager.
8. When the Security Manager generates an internal event:
— The event control record is checked to determine the event’s priority and what action should be taken (e.g., busy out the local device, disconnect the local device, take no action, etc.). Any automatic action taken is logged to the event history file.
— All applications sensitive to security events will be notified and will update their displays.
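The Security Manager side of steps 6 and 8, sketched as an added example that is not part of the original manual or of the NMS software: a connect message is logged, checked against the contact's login ID, password and Access Times grid, and each resulting event is resolved through an event control record. The class, field and message names are assumptions, as is the priority given to the Invalid Access Time event; the other two priorities and actions are the Table 2-3 defaults.

```python
import hmac
from dataclasses import dataclass, field
from datetime import datetime

# Event control records: event name -> (priority, auto action).
# The first two rows are the Table 2-3 defaults. "Invalid Access Time" is named
# in the Access Times field description but has no row in Table 2-3 on this
# page, so its priority and action here are assumed.
EVENT_CONTROLS = {
    "Invalid Login ID, Password Valid for Device": ("Critical", "Disconnect"),
    "Login ID and Password Combination Invalid": ("Critical", "Disconnect"),
    "Invalid Access Time": ("Major", "None"),
}


def access_grid(days=range(7), hours=range(24)):
    """Build the 7 x 24 Access Times grid; True is the "on" condition.
    Row 0 is Monday, matching datetime.weekday()."""
    grid = [[False] * 24 for _ in range(7)]
    for d in days:
        for h in hours:
            grid[d][h] = True
    return grid


@dataclass
class Contact:  # hypothetical stand-in for one Contact List entry
    login_id: str
    password: str
    access: list = field(default_factory=access_grid)


@dataclass
class ConnectMessage:  # hypothetical layout of a device's connect message
    device: str
    login_id: str
    password: str
    when: datetime


class SecurityManager:
    def __init__(self, contacts, controls=EVENT_CONTROLS):
        self.contacts = {c.login_id: c for c in contacts}
        self.controls = dict(controls)
        self.history = []  # stands in for the event history file

    def verify(self, msg):
        """Step 6: return the event names raised by one connect message."""
        contact = self.contacts.get(msg.login_id)
        if contact is None:
            return ["Invalid Login ID, Password Valid for Device"]
        events = []
        if not hmac.compare_digest(contact.password.encode(), msg.password.encode()):
            events.append("Login ID and Password Combination Invalid")
        if not contact.access[msg.when.weekday()][msg.when.hour]:
            events.append("Invalid Access Time")
        return events

    def on_connect(self, msg):
        """Steps 6 and 8: log the call, raise events, apply event controls."""
        self.history.append((msg.when, msg.device, "connect", msg.login_id))
        results = []
        for name in self.verify(msg):
            priority, action = self.controls[name]
            self.history.append((msg.when, msg.device, name, priority))
            if action != "None":  # automatic actions are logged as well
                self.history.append((msg.when, msg.device, "auto action", action))
            results.append((name, priority, action))
        return results


def run_demo():
    """Run four constructed connect messages through the checks."""
    weekdays_8_to_18 = access_grid(days=range(5), hours=range(8, 18))
    manager = SecurityManager([Contact("jsmith", "k3x9qa", weekdays_8_to_18)])
    monday = datetime(2024, 1, 1, 9, 30)   # a Monday, inside the grid
    saturday = datetime(2024, 1, 6, 2, 0)  # a Saturday, outside the grid
    messages = [
        ConnectMessage("modem-01", "jsmith", "k3x9qa", monday),
        ConnectMessage("modem-01", "nobody", "k3x9qa", monday),
        ConnectMessage("modem-02", "jsmith", "zzzzzz", monday),
        ConnectMessage("modem-02", "jsmith", "k3x9qa", saturday),
    ]
    return [manager.on_connect(m) for m in messages], manager.history


if __name__ == "__main__":
    for outcome in run_demo()[0]:
        print(outcome or "no event")
```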
Customer-Supplied Equipment
The following list contains recommended enhancements to your PC environment to adequately support the Security Manager feature:
2 Network Configuration
Overview
This chapter describes several additional network elements that you must configure when you have the Security Manager feature. These elements are:
- Event Control
- VF Passwords
- Security Control
In addition, there are changes to the following network elements for the Call Security feature:
- Contact List
- Device Groups
- Network Alerts
- System Attributes and Options
Configuring the Network Elements
The Security Manager feature provides enhancements to the following network elements described in Chapter 4, Configuration, of the COMSPHERE 6700 Series Network Management System User’s Guide:
- Contact List – expanded to keep track of security login IDs.
- Device Group – expanded to include device security groups.
These enhancements are described in the following sections.
Configuring a Contact List
To configure a contact list, complete the input form using the following steps:
Procedure
1. Select Config from the Main Menu.
2. Choose Network from the Config menu.
4. Enter the requested data into the fields on the Contact List Configuration input form.
5. Choose Save or one of the other commands from the Action menu (see Table 2-1).
Table 2-1. Action Commands (Contact List)

| Action Command | Function | Procedure |
|---|---|---|
| Save | Stores the contents of the input form to the network database. Use this command for updating or adding device security groups to the database. | 1. Complete the input form. 2. Choose Save. |
| Clear | Removes the current field entries of the input form without affecting the network database. | 1. Choose Clear. |
| Delete | Removes the security group name from the network database. | 1. Access an existing security group name on the input form. 2. Choose Delete. |
| Change Contact Name | Changes the contact name throughout the network database. | 1. Access an existing contact list. 2. Choose Change Contact Name. 3. Enter the new contact name in the dialog box. 4. Choose OK. |
| Set Access Time Default | Resets the access time default values to those that are currently displayed. | 1. Access an existing contact name on the input form. 2. Change the access times. 3. Choose Set Access Time Default. |
| Print | Prints the contact list information currently displayed. If Show Passwords is checked, then the password(s) for the contact name is printed. | 1. Access an existing name on the input form. 2. Choose Print, or 1. Complete the input form. 2. Choose Save. |
| Print All | Prints the contact information currently stored in the database. If Show Passwords is checked, then the password(s) for the contact name is printed. | 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. |
| Show Passwords | Permits the display and/or printing of passwords associated with the contact name. | Select or deselect Show Passwords. A check mark indicates that the option is enabled. |
In addition to the Contact Name, Address, Telephone, and Comments fields, the Security Manager feature provides the following additional fields:
Login ID
An optional field (eight characters) that contains the alphanumeric characters (required if the device option is enabled). The login ID must be unique. Entry of a login ID enables the Login Password and Access Times fields, as well as the Security Group/# Passwords list box.
Login Password
A required field that contains the password required for you to log in to the Security Manager. These characters are displayed as asterisks (***) unless you have selected Show Passwords from the Action menu. If you wish NMS to generate the login password, choose Generate from the Configuration – Contact List menu bar to automatically generate a random, 6-character password.
Access Times
A control used to indicate when the user owning the login ID and password entered is permitted to access the 6700 network. The control shows seven days divided into 24-hour periods. Boxes displayed in light gray indicate that the user who has logged in cannot access the network during those times ("off" condition) without causing an Invalid Access Time security event. Times appearing in black indicate an "on" condition, meaning the user is permitted to access the network during those times. The default value for all times is
To change the valid access times, do one of the following:
— Click on each box individually (or press the spacebar) to toggle the condition setting.
— Select a group of time boxes by dragging the mouse to enclose boxes in a selection rectangle (or use the Arrow keys). The box you start dragging from determines the on/off condition of the other boxes selected. Clicking the mouse on the selected boxes (or pressing the spacebar) sets their condition to the opposite of the setting for the time box in the upper left corner within the rectangle.
— Click on a day of the week name (or press the spacebar) to set the condition for the entire day to the condition selected for the 00 hour.
Choose Set Access Time Default from the Action menu to reset the access time default values to those that you have just set on the screen.
Security Group/# Passwords
This list box displays all security groups with which the contact is associated. Also shown are the number of passwords associated with each security group.
Procedure
To add a security group to the Selected Groups list box:
1. Select the group from the All Security Groups list box.
2. Choose the Add button.
3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is added to the Selected Groups list box and is removed from the All Security Groups list box, and appears on the Contact List input form on page 2-2.
4. Choose Save to save your selection.
Procedure
To remove a security group from the Selected Groups list box:
1. Select the group from the Selected Groups list box.
2. Choose the Remove button.
3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is removed from the Selected Groups list box and appears in the All Security Groups list box and on the Contact List input form on page 2-2.
4. Choose Save to save your selection.
Configuring a Device Group
A device group is a user-defined category that identifies a set of devices. The Device Groups command allows you to create, change, delete, or print device group configuration information. The Security Manager feature expands this function to provide the logical link between a group of devices and a list of security passwords. Using the device security group makes it easier to configure more than one device with exactly the same set of passwords and security options.
NOTE:
A device can be a member of only one security group at any one time.
To create or change device group configuration, complete the Device Groups Configuration input form by entering information in the appropriate fields.
Procedure
To configure a device group, complete the input form by using the following steps:
1. Select Config from the Main Menu.
2. Choose Network from the Config menu.
4. Enter the information requested into the form.
Use the commands from the Action menu to complete configuration. Use the Download menu to download all passwords and security modes assigned to the group name to the devices. If specific devices are selected, then the download only affects these devices. If no devices are selected, then the download affects all of the devices in the group.
In addition to the fields listed to configure a device group, use the following procedure to complete the Device Groups Configuration input form when configuring a device security group:
Procedure
1. If the group listed in the Group Name field is a security group, place a check in the Security Group box. This enables the Security Passwords in Group box, the Answer Security Mode box, the Auto Dialer Security box, and the Reporting Modes box, as well as the Download menu item.
2. Choose Show Passwords from the Action menu if you want passwords to be displayed and/or printed.
4. To add VF and/or DTE passwords to the selected passwords list, select the appropriate VF/DTE passwords and choose Add. To remove passwords from the selected passwords list, select the appropriate VF/DTE passwords and choose Remove. If the VF and DTE passwords match, both entries must be selected. In either case, choosing OK confirms your selection, while choosing Cancel closes the selection dialog box without making any changes.
5. To control which passwords will be required by the devices in the security group when an incoming call is answered, use the Answer Security Mode box.
— Disabled indicates that inbound security is disabled.
— DTE Only indicates that the modem requires the call originator to provide a DTE login password.
— VF and DTE indicates that both VF and DTE passwords are required by the devices in the security group.
— VF with Matching DTE indicates that a specific VF will always require a specific DTE. The entries cannot be mismatched.
When VF with matching DTE is in effect, you must select a VF entry and its matching DTE entry from the All Available Password list boxes and add them to the Selected Passwords list box. Both entries will be displayed on the same line in bold in the Selected Passwords and Security Passwords in Group list boxes.
The appropriate device option must be enabled before the device will prompt the user for a login ID.
6. To control access to the dialers for all devices in the security group, use the Auto Dialer Security box. If Enabled, the modem requires the call originator
7. To have failed calls reported to the Security Manager, check the Call Failure box (this is the default).
8. To have successful calls reported to the Security Manager, check the Call Success box (this is the default).
9. Choose Save or one of the other commands from the Action menu (see Table 2-2).
10. Choose Download from the Device Groups menu bar to download all passwords and/or security modes assigned to the security group identified in the Group Name field. To download to selected devices in a security group, select those devices from the Devices in Group box. To download to all devices in the security group, do not select any specific devices. The download is limited to those devices in the security group with the security feature installed.
NOTE:
A download busies-out all selected devices that are currently idle. All devices that are connected at the time that a download is requested are downloaded without interrupting primary data. The busy-out condition is removed after the download is completed.
Table 2-2. Action Commands (Device Security Groups)

| Action Command | Function | Procedure |
|---|---|---|
| Save | Stores the contents of the input form to the network database. Use this command for updating or adding device security groups to the database. | 1. Complete the input form. 2. Choose Save. |
| Delete | Removes the security group name from the network database. | 1. Access an existing security group name on the input form. 2. Choose Delete. |
| Change | Changes the security group name throughout the network database. | 1. Access an existing security group name on the input form. 2. Choose Change. 3. Enter the new security group name in the dialog box. 4. Choose OK. |
| Print | Prints the security group information currently displayed. If Show Passwords is checked, then the password(s) for the security group name is printed. | 1. Access an existing name on the input form. |
| Print All | Prints the security group information currently stored in the database. If Show Passwords is checked, then the password(s) for the security groups are printed. | 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. |
| Show Passwords | Permits the display and/or printing of passwords associated with security groups. | 1. Select or deselect Show Passwords. A check mark indicates that the option is enabled. |
Configuring the Network Alerts
Configuring Event Controls for Call Security
The event control function enables you to control what actions are initiated by the Security Manager and the priority level assigned to the call security events.
Table 2-3 describes each security event and its default values.
Table 2-3. Call Security Event Descriptions

| Event Description | Event Definition | Event Source | Event Duration | Event Priority | Auto Actions |
|---|---|---|---|---|---|
| VF Login OK | A remote user has gained access using a valid node password. | Modem | Duration | No Event | None |
| User Login OK | A remote user has gained access using a valid security password. | Modem | Duration | No Event | None |
| User Login Rejected: 3 Retries Failed | A remote user has attempted access and did not enter a valid security password in three attempts. | Modem | Duration | Minor | None |
| User Login Rejected: Password Time Out | A remote user has attempted access but did not enter a security password before the time-out period expired. | Modem | Duration | Minor | None |
| User Login Aborted: Line Disconnected | A remote user has attempted access but the connection was dropped before the user entered a security password. | Modem | Duration | Major | None |
| VF Login Rejected: Password Invalid | A remote user has attempted access using an invalid node password. | Modem | Duration | Major | None |
| VF Login Rejected: Password Time Out | A remote user has attempted access but did not enter a node password before the time-out period expired. | Modem | Duration | Minor | None |
| VF Login Aborted: Line Disconnected | A remote user has attempted access but the connection was dropped before the user entered a node password. | Modem | Duration | Major | None |
| User Login OK: Multiple Password Retries | A remote user has gained access using a valid security password, but multiple attempts were required to enter a valid password. | Security Manager | Duration | Major | None |
| Login ID and Password Combination Invalid | A remote user has gained access using a valid security password, but the valid login ID entered is not valid for the security password entered. | Security Manager | Duration | Critical | Disconnect |
| Invalid Login ID, Password Valid for Device | A remote user has gained access using a valid security password, but the login ID entered is not valid. | Security Manager | Duration | Critical | Disconnect |
| User Login Hack. Multiple Sequential Password Retries | A remote user has gained access using a valid security password, but to do so required entry of multiple passwords, each separated by a numeric value of one. | Security Manager | Until Cleared by Operator | Critical | Busy Out |
| Device Security Table Invalid | The security password table maintained by the device is invalid and must be downloaded. | Security Manager | Duration | Critical | None |
| Security Download in Progress | The security password table for the device indicated is being downloaded. | Security Manager | Duration | Minor | None |
| Security Download Failed | The security password download has failed. The system has tried to perform the download three times prior to this event. | Security Manager | Until Download Started or Device Deleted | Critical | Reset & Busy Out |
| Front Panel Modification | A user has made changes to the modem security via the front panel. | Modem | Duration | Critical | None |
| Make Busy Mode | The device is currently busied out. This may have been done by the Security Manager. | Device | Duration | As per Alert Controls | |
Procedure
To change the security event default values:
1. Select Config from the Main Menu.
2. Choose Alerts and Events from the Config menu.
3. Choose Event Controls – Call Security from the Alerts and Events cascading menu. The Event Controls – Call Security window appears.
4. Select the priority (Critical, Major, Minor, or No Event) for each event. Your selection determines sort order and differentiates the severity of the event by color.
5. Select the automatic action to be taken by the Security Manager. Table 2-4 lists the auto actions available.
6. Choose Save or one of the other commands from the Action menu. Action commands for events are the same as those for alerts. Refer to the COMSPHERE 6700 Series Network Management System User’s Guide.
Table 2-4. Event Control Security Manager Auto Actions

| Auto Action | Description |
|---|---|
| Busy Out | The Security Manager commands the reporting device to disconnect the telephone connection, then go into a busy out state. |
| Download | The device is busied out and its security table is downloaded. Only valid for the Device Security Table Invalid event. |
Configuring System Attributes and Options
To configure the system attributes and options, choose Config from the Main Menu and then choose System. This menu allows you to define the operational criteria for NMS. The Security Manager feature provides the additional operation criterion, Collect Event History. The Collect Event History system option enables you to control the purging of the call event history.
Setting System Options
The System Options input form is shown below.
Select the check box to the left of the Collect Event History field, then make your selection in the number range field.
Collect Event History
Select the check box if you want NMS to record all security events in an event history file. The event history can then be displayed or printed via the Event History Report.
Use the number range field to select the number of days to keep active history records (Default = 30 days).
Defining NMS Users
User Profile commands allow you to define the NMS users and their system privileges.
The User Profile Configuration input form is shown below.
Select the check box before the Call Security field.
Call Security
A Security Manager privilege that allows you to change NMS call security parameters and to cause these changes to occur in devices. If the check box is not selected, you are limited to displaying call security information; you cannot change it.
Defining System Colors
The Security Manager feature adds a new color group for security events. System colors are used to distinguish event priorities. The default colors are listed in Table 2-5.
Table 2-5. Event Priorities System Colors
Group Color Group Elements Default Colors
Configuring Call Security
Call Security enables you to define VF Passwords and to control the operation of the NMS security features.
Defining VF Passwords
You can require that the COMSPHERE 2400 Series and 3800 Series devices receive a valid password before training. This VF password is a series of DTMF signals, generated either by a telephone or by adding a password to the end of the dial command given to the calling modem. A device uses this VF password to verify that the remote calling device is permitted access.
To create VF passwords, complete the Call Security – VF Passwords input form and use the Action commands (see Table 2-6).
Table 2-6. Action Commands (VF Passwords)

| Action Command | Function | Procedure |
|---|---|---|
| Save | Stores the contents of the input form to the network database. Use this command for updating or adding VF password names to the database. | 1. Complete the input form. 2. Choose Save. |
| Delete | Removes the VF Password name and all associations from the network database. | 1. Access an existing VF Password name on the input form. 2. Choose Delete. |
| Clear | Removes the current field entries of the input form without affecting the network database. | 1. Choose Clear. |
| Change VF Password Name | Changes the VF Password name throughout the network database. | 1. Access an existing VF Password name on the input form. 2. Choose Change. 3. Enter the new VF Password name in the dialog box. 4. Choose OK. |
| Print | Prints the VF Password name information currently displayed. If Show Passwords is checked, then the password(s) for the VF Password name is printed. | 1. Access an existing name on the input form. 2. Choose Print, or 1. Complete the input form. 2. Choose Save. 3. Choose Print. |
| Print All | Prints the VF Password information currently displayed. If Show Passwords is checked, then the password(s) for the VF Password name is printed. | 1. Access an existing name on the input form. 2. Choose Print All, or 1. Complete the input form. 2. Choose Save. 3. Choose Print All. |
| Show Passwords | Permits the display and/or printing of passwords associated with VF Password names. | |
Procedure
To define VF Passwords:
1. Select Config from the Main Menu.
2. Choose Call Security from the Config menu.
3. Choose VF Passwords from the Call Security menu. The VF Passwords input form appears.
4. Enter the information in the fields on the VF Passwords input form by either:
— Using the selection list button to the right of the field to access existing field entries, or
— Typing the information in the field, then pressing Tab.
For the VF Password field only, you can choose Generate from the VF Passwords menu to automatically generate an 8-digit password.
| Field | Description |
|---|---|
| VF Name | A label (eight characters maximum) that is unique to the network and used to identify the VF Password. |
| VF Password | A password (eight digits maximum) that is unique to the network and used to allow the remote device to gain access to the training sequence of a local device. Must be a DTMF signal. |
| Comments | An optional field for additional VF Password name information (maximum 40 characters). |
The list of security groups associated with the VF password, along with the number of VF and login passwords assigned to each group, displays in the lower portion of the VF Passwords input form.
NOTE:
Do not use alpha or special characters in the VF Password field.
5. To add or remove devices from the list of selected security groups displayed, choose the Security Groups button. The Security Group Selections window appears.
6. Select the desired security group, then choose either Add or Remove. Choose OK to change the list of selected security groups displayed on the VF Passwords input form.
Procedure
To add a security group to the Selected Groups list box:
1. Select the group from the All Security Groups list box.
2. Choose the Add button.
3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is added to the Selected Groups list box and is removed from the All Security Groups list
Procedure
To remove a security group from the Selected Groups list box:
1. Select the group from the Selected Groups list box.
2. Choose the Remove button.
3. Choose the OK button to confirm your selection or the Cancel button to cancel the selection. If you chose OK, then this security group is removed from the Selected Groups list box and appears in the All Security Groups list box and on the Contact List input form on page 2-2.
4. Choose Save to save your selection.
Using Security Control
Security Control allows you to perform the following functions:
• Reset the security table
• Display and change security prompt strings
• Download the security table
• Display and change the administrative password
Procedure
To use Security Control:
1. Select Config from the Main Menu.
2. Choose Call Security from the Config menu.
3. Choose Control from the Call Security menu. The Security Control menu items are visible in the menu bar.
The following is a list of the Security Control menu commands with a brief description of each.
• Command
Allows you to execute commands to control the operation of security functions for NMS.
• Option
Enables you to control the display of passwords and to request the display of a confirmation box.
• Window
Command
Select Command from the Security Control menu bar and the Command pull-down menu appears. Use Command to control the security functions available through the Security Manager feature. These commands only apply to devices in security groups with the Security feature installed.
CAUTION:
If the device requires password access, resetting its security password table prevents incoming calls to that device and resets the administrative password to its system default value.
Reset Security Table
Security Prompt Strings
Choose Security Prompt Strings from the Command pull-down menu to display and/or change prompts and messages related to the login ID and password access for selected devices. The Security Prompt Strings window displays security prompt strings for selected devices.
— Device List
The device names selected to receive the new security prompt strings.
— ID Prompt
Used to query for the user’s login ID (32 characters maximum).
— Password Prompt
Used to query for the user’s login password (32 characters maximum).
— Verifying Message
— Access Granted Message
The message displayed when the user is granted access to the device’s DTE connection (32 characters maximum).
To change the devices selected as displayed in the Device List box, choose Devices, then make your selection from the displayed dialog box. To read the security prompts from the selected device(s) and display these values on the Security Prompt Strings window, select a device from the Device List box and choose Display.
To change the security prompts for the selected device(s) to the values displayed on the Security Prompt Strings window, select device(s) from the Device List box and choose Change.
NOTE:
When entering data into the ID Prompt, Password Prompt, Verifying Message, and Access Granted Message fields, be sure to include any appropriate carriage returns and line feeds. To do this, use a backslash (\) followed by the hexadecimal value for the character (0A for line feed or 0D for carriage return). For example, type \0A\0D Enter Password \0A\0D to have the prompt Enter Password appear on a line by itself.
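The backslash-hex notation described in the note above, as an added Python example that is not part of the Paradyne manual or the NMS software: it converts between the typed and the displayed form of a prompt and checks a typed string before it is entered. It assumes the 32-character limit counts decoded characters and that a literal backslash is typed as \5C; the manual states neither.

```python
import re

MAX_CHARS = 32                        # per-field limit stated in the manual
ESCAPE = re.compile(r"\\([0-9A-Fa-f]{2})")
EXPECTED = {0x0A, 0x0D}               # LF and CR, the only escapes the manual names


def decode_prompt(typed):
    """Expand every backslash-hex escape in the typed form to its character."""
    out, pos = [], 0
    while pos < len(typed):
        if typed[pos] == "\\":
            match = ESCAPE.match(typed, pos)
            if match is None:
                raise ValueError(
                    "backslash at offset %d is not followed by two hex digits" % pos)
            out.append(chr(int(match.group(1), 16)))
            pos = match.end()
        else:
            out.append(typed[pos])
            pos += 1
    return "".join(out)


def encode_prompt(text):
    """Build the typed form of ASCII text; control characters become \\HH.

    Assumption: a literal backslash is typed as \\5C (the manual does not say).
    """
    parts = []
    for ch in text:
        code = ord(ch)
        if code > 0x7E:
            raise ValueError("character %r is outside the range 0x00-0x7E" % ch)
        parts.append("\\%02X" % code if code < 0x20 or ch == "\\" else ch)
    return "".join(parts)


def check_prompt(typed):
    """Return findings for one typed prompt string; an empty list means clean."""
    try:
        decoded = decode_prompt(typed)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    # Assumption: the 32-character limit counts decoded characters.
    if len(decoded) > MAX_CHARS:
        findings.append("decoded length %d exceeds %d" % (len(decoded), MAX_CHARS))
    for code in sorted({ord(ch) for ch in decoded}):
        if code not in EXPECTED and not 0x20 <= code <= 0x7E:
            findings.append(
                "character 0x%02X is not printable ASCII, line feed or carriage return" % code)
    return findings


if __name__ == "__main__":
    # Constructed sample entries, not taken from a real device.
    for sample in (r"\0A\0D Enter Password \0A\0D", r"Login\07 ID:", "Enter \\Password"):
        print(repr(sample), "->", check_prompt(sample) or "ok")
```

A stray backslash or an unexpected control character in a prompt is reported before the string is sent to a device with Change.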
Administrative Password
Choose Administrative Password from the Command pull-down menu to display and/or change the password for selected device(s). This is the password the modem requires before permitting a user to access security functions from the modem’s front panel. The Administrative Password window displays the names of all the devices selected for the new administrative password (default is global selection list).
Download Security Table
Choose Download Security Table from the Command pull-down menu to download the security table to one or more devices. The Download Security Table window displays the names of all the devices selected for the Download Security Table command (default is global selection list).
Choose Devices to select different devices to appear on the list. Choose Execute to download the security table for each device in the selection list. This process consists of a broadcast message to all selected devices and could take as long as several minutes.
NOTE:
Option
Select Option from the Security Control menu bar and the Option pull-down menu appears. Use Option to request a confirmation box to verify that requested changes are to be implemented and to control the display of passwords.
Confirmation
Choose Confirmation from the Option menu to request that a confirmation box be shown before any changes are made to a device. A check mark next to Confirmation indicates that the box is enabled. This is a toggle function.
Show Password
Choose Show Password from the Option menu to allow the display of passwords. A check mark next to Show Passwords indicates that the display of passwords is allowed. This is a toggle function.
Window
Choose Window from the Security Control menu bar to change how Security Control windows are displayed or to close all the open Security Control windows. Choosing Window causes a drop-down menu to appear listing the commands Tile, Cascade, Arrange Icons, and Close All.
The Window commands only affect the windows or icons opened from the same Security Control window. If two or more Security Control windows are open, the Window commands only operate on the windows opened from the current Security Control window.
Tile
Choose Tile from the pull-down menu to have the windows arranged in a side-by-side manner. This allows viewing of several windows simultaneously (side-by-side) with the disadvantage that each window is smaller than if they were displayed on top of each other. The following shows three Security Control windows displayed in the tile fashion.
Cascade
Arrange Icons
Choose Arrange Icons from the pull-down menu to display any icons along the lower portion of the window.
Close All
Choose Close All from the pull-down menu to close all the windows called from the current Security Control menu.
3
Overview
This chapter describes the Event Monitor command that is provided by the Security Manager feature. This command is accessed from the Displays menu and is an additional way to monitor the condition of your network.
Event Monitor
Event Monitor commands allow you to view all the current events related to call security. The displayed events can be sorted by security ID, device name, event time, or event description. From the Event Monitor window, you can control displayed events, display security control or information windows, and limit the events displayed by priority level.
Action
Select Action from the Event Monitor menu bar to access the Action pull-down menu. The Action menu is inactive (gray) unless an event is selected.
Use the Action pull-down menu commands to perform the following functions:
• Reset Security Table
• Clear Event
• Disconnect Device
• Busy Out Device
• Download Security Table
• Confirmation Required
Reset Security Table
Choose Reset Security Table from the Action pull-down menu to reset the security table in the selected device, then cause the device to be busied-out. The device’s security table is cleared, preventing dial-in access when the device is configured to require password verification. This creates a security event, indicating to the Security Manager that the device requires a security table download. If you do not have security privileges, this menu item is inactive (gray).
Clear Event
Disconnect Device
Choose Disconnect Device from the Action pull-down menu to command the device to disconnect the telephone connection. The selected event is removed from the Event Monitor window. If you do not have security privileges, this menu item is inactive (gray).
Busy Out/Remove Busy Out Device
Choose Busy Out Device from the Action pull-down menu to busy out the device, or choose Remove Busy Out to remove this condition. If you do not have security privileges, this menu item is inactive (gray).
Download Security Table
Choose Download Security Table from the Action pull-down menu to busy out the device, then download a security table. You must select a Device Security Table Invalid event to enable this command. If you do not have security privileges, this menu item is inactive (gray).
NOTE:
A download busies-out all selected devices that are currently idle. All devices that are connected at the time that a download is requested are downloaded without interrupting primary data. The busy-out condition is removed after the download is completed.
Confirmation Required
Sort
Select Sort from the Event Monitor menu bar to access the Sort pull-down menu. Use the Sort pull-down menu commands to sort the listing by Security Name, Device Name, Event Time, or Event Priority.
Security Name
Choose Security Name from the Sort pull-down menu to list the events alphanumerically by security ID.
Device Name
Choose Device Name from the Sort pull-down menu to have the events listed according to device name. The device names are alphanumerically sorted. Use the scroll bar to view events not currently displayed.
Event Time
Choose Event Time from the Sort pull-down menu to list events according to the time they occurred. Each new event displays at the bottom of the list. Use the scroll bar to locate an event. This event will remain displayed until another event is chosen.
Event Priority
Include
Select Include from the Event Monitor menu bar to access the Include pull-down menu. Use the Include pull-down menu commands to limit the Event Monitor display to only those events that fall into the priorities selected for view.
The Include pull-down menu contains four selections: No Event, Critical, Major, Minor. To include events with one or more of these priorities, select the menu item(s). A check mark will be placed next to your selection. At least one of these priorities must be selected.
Control
Select Control from the Event Monitor menu bar to open a Security Control window for events selected on the Event Monitor window. You can also double-click on an event to display its Security Control window.
4
Overview
This chapter describes three new reports offered with the Security Manager feature (VF Passwords, Event Control and Event History) and enhancements to the Contact configuration and Device Group configuration reports. Refer to Chapter 10, Reports, in the COMSPHERE 6700 Series Network Management System User’s Guide for more information about reports.
Configuration
Configuration creates a report listing the current NMS configuration records. Two configuration reports, Contact and Device Groups, are changed to include call security information.
Contact
Login ID
The user’s login.
Login Password
The user’s password.
Access Times
The hours of the day that the user owning the login ID has permission to dial in to NMS.
Security Groups
All security groups with which the user login ID is associated.
Device Groups
Use the Device Groups command to generate a report of all the device groups configured in NMS. Devices can be placed into a device security group to make it easier to configure more than one device with the same set of passwords and security options (see Configuring the Network Elements in Chapter 2). The device security group information can then be viewed in a configuration report by using the Print All command.
The fields in a Device Security Group Configuration Report are as follows:
• Security Group
The security group name entered on the Device Group Configuration input form.
• Answer Security Mode
The security mode assigned to the group name. Valid entries are the following:
— VF indicating that the local device must verify the password transmitted using DTMF tones.
— Login Only indicating that the DTE requires a password from the device before it permits access.
— VF/DTE indicating that both types of passwords are required by this security device group.
• Auto Dialer Security
If enabled, then the user must issue a unique command to the modem before the user can issue a dial command.
• Call Failure Reporting
If enabled, the modem reports call failures to the Security Manager.
• Call Success Reporting
If enabled, the modem reports successful calls to the Security Manager.
• Devices in Group
Lists the devices in the security group.
• Login Passwords
Lists the login passwords associated with the group.
• VF Passwords
Lists the VF passwords associated with the group.
VF Security
Use the VF Security command to generate a report of the VF names configured in NMS. See the Configuring Call Security section in Chapter 2, Network Configuration.
Procedure
To create a VF Security Report:
1. Select Call Security from the Config pull-down menu.
2. Choose VF Passwords from the Call Security menu. The VF Passwords input form displays.
5. Choose either of the following from the Action menu:
— Print. The currently displayed VF password name will be printed.
— Print All. All VF names currently stored in the database will be printed.
You can also use the following procedure to generate this report:
Procedure
1. Select Reports from the Main Menu.
2. Select Configuration from the Reports pull-down menu.
3. Select Type from the Device Configuration Report menu bar.
4. Select VF Security.
The fields on the VF Password Report are described as follows:
• VF Name
The name used to identify the VF password within the Security Manager feature.
• VF Password
The password that allows the remote device to gain access to the training sequence of a local device.
• Comments
Any comments entered during configuration.
• Access Type
What additional security is needed to gain access to the DTE side of the local device when the VF password is used. Valid entries are the following:
— VF Only indicates that only the VF password is needed.
— User Login indicates that a valid security password must be entered.
• Security Groups
Event Control Priorities Report
Event controls and their assigned priorities can be printed.
Procedure
To print event priorities:
1. Select Alerts and Events from the Config pull-down menu.
2. Choose Event Controls – Call Security from the Alerts and Events cascading menu. The Event Controls – Call Security window displays.
3. Enter the information.
4. Choose Save from the Action menu.
5. Choose Print from the Action menu.
Event History
Use Event History to create a report listing all the events that occurred during a selected period of time.
Procedure
To create an Event History Report:
1. Select Event History from the Reports pull-down menu. The Event History Report window appears.
3. Select the report period start date using the From Date scrolling date range field.
4. Select the report period start time using the From Time scrolling time range field.
5. Select the report period end date using the To Date scrolling date range field.
6. Select the report period end time using the To Time scrolling time range field.
Refer to the Date Field and Time Field sections of Appendix A in the COMSPHERE 6700 Series Network Management System User’s Guide for additional information.
7. Select the report destination, either the display or the printer.
8. Choose Execute.
9. Choose Print if you are currently displaying a report and you want to print it.
The following shows an Event History Report.
The fields for an Event History Report are as follows:
Date
The date that the event occurred.
Time
The time that the event occurred.
User ID
Either the login ID or the VF name (indicated by an asterisk).
Device
The name of the device.
The password required by the device(s) with the security feature before access is permitted to front panel functions.
A process that transfers device firmware and software from a locally-attached PC to a device, or allows the duplication of firmware and software from a local device to a remote device.
The password required by the device(s) with the security feature before access is permitted to the DTE interface.
Dual-Tone Multi-Frequency. A signaling method using two voice frequencies to designate the tones used for touch-tone dialing, as distinguished from pulse dialing.
A group of devices that contains VF and/or DTE passwords.
The prompts and messages that display when using the login ID and Password access features of the modem.
Voice Frequency. The part of the audio frequency range used to transmit voice sound (usually 300 Hz to 3400 Hz). This band is used by the modem for its modulated signal.
A series of DTMF signals that the receiving device uses to verify that the remote calling device is permitted access.