 |
Administering the Access Security Gateway (ASG)
|
This topic has the following information:
The Access Security Gateway (ASG) provides the
newest generation of strong authentication for the INTUITY AUDIX system
logins. See Security Overview and the ASG
Key User Guide, document number 585-212-012, for more information
about ASG and INTUITY AUDIX security.
ASG protects the INTUITY AUDIX system by challenging
each potential dial-up session user when the authentication type is
set to ASG for that particular login (such as sa or vm). See Maintaining
ASG Login IDs for more information on adding an ASG login.
|
Authentication Type? |
ASG |
ASG Challenge/Response |
|
Password |
System Password |
|
Blocked |
no access allowed |
In order to respond to the ASG challenge, the
user must have a handheld device, called the ASG Key. The ASG Key must
be set with an ASG secret key number that matches that of the user's
ASG secret key number in the INTUITY AUDIX system.
How to Log In with ASG
When you begin a remote session with an INTUITY
AUDIX system that has the ASG feature activated, the system prompts
you with a challenge.
To log in to a system that has ASG activated
for your login:
- Enter your login ID at the
login: prompt.
The terminal screen displays the following
message:
Challenge: xxxxxxx
Response:
- Press ENTER (
) on the ASG Key to start the ASG Key.
The ASG Key displays the following message:
PIN:
- On the ASG Key, type your PIN and press ENTER
( ).
- On the ASG Key, type the challenge number
that is displayed on the terminal screen, and press ENTER (
).
The ASG Key displays the unique, 7-digit
response number that corresponds to the challenge number you entered.
The challenge and response numbers are valid for this session only.
- On the terminal screen at the
Response:
prompt, enter the response number that is displayed on the
ASG Key.
If the authentication process is successful,
the system displays the Messaging Administration main
menu for the sa login or the AUDIX Command
Prompt screen for the vm login. If the authentication process
fails, the system makes an entry in the system History Log and displays
the following message:
INVALID LOGIN
After a certain number of unsuccessful attempts,
which is set in the Login Security Violation
Warning Administration page, a warning alarm is generated.
Maintaining
ASG Login IDs
Once you establish an ASG login for a Login
ID, anyone with that login who attempts to access your system remotely
through a protected port is prompted for the challenge response number.
|
Enabling validation for the vm login causes interruption of the
INTUITY administration and data acquisition package (ADAP). If
you use ADAP, do not enable ASG for the vm login. |
|
Note: The default
authentication type for sa and vm is UNIX, which requires
the usual UNIX login and password. You must be logged in as sa
to add an ASG login for sa or vm. |
Adding an ASG Login
To add a new ASG login to your system:
- Start at the Messaging Administration main menu and select under Security:
The system displays the ASG
Security Login Administration page.
-
Select the login from the Login ID: drop-down menu.
- Select ASG from the Authentication
Type? drop-down menu to activate ASG authentication.
| Note: If you select Password
from the Authentication Type? drop-down menu, the system uses
regular INTUITY AUDIX password protection. See Guidelines
for Passwords for more information. |
- Do one of the
following in the System Generated Secret Key field:
- Select Yes to have the system randomly
generate an ASG secret key number. Then leave the Secret Key:
field blank.
- Select No if you want to enter
the secret key that the system uses to generate ASG responses.
Then type the secret key in the Secret Key: field.
- Do not make a selection for System Generated
Secret Key field if you selected Password in the Authentication
Type? field. Then leave the Secret Key: field blank, also.
- Click Save
to make the changes.
- A confirmation
page displays the ASG secret key number that must match the ASG Key
when a user attempts to log in. The ASG secret key number must be
entered into the ASG Key as Key1 or Key2.
Blocking or Reinstating Access
Privileges for an ASG Login
You can block ASG login access temporarily if
you need to.
To block or reinstate access for the ASG login:
- Start at the Messaging Administration main menu and select under Security:
The system displays the ASG
Security Login Administration page.
- Select the Login ID (User ID) that you want
to block or reinstate. You can choose only from the IDs in the list.
You cannot create new IDs.
- To block the user's access to the system,
select Blocked from the Authentication Type? drop-down menu.
- To reinstate the user's access to the system,
select ASG from the Authentication Type? drop-down menu.
- Click Save to accept the page settings.
A confirmation page displays.
Changing the ASG Secret Key Number for an ASG Login
The ASG secret key number is used by the system
and by the ASG Key handheld device to create challenge response pairs
of numbers. If an ASG secret key number is lost or compromised, it must
be changed in the system and in all associated ASG Key handheld devices.
To change the ASG secret key number:
- Start at the Messaging Administration main menu and select under Security:
The system displays the ASG
Security Login Administration page.
- Select the ASG login ID from the Login ID:
drop-down menu.
- Select Yes in the System Generated
Secret? field if you want the system to generate a unique Secret Key
number, or select No in the System Generated Secret? field
if you want to enter your own Secret Key number.
- Complete the Secret Key: field if you selected
No from the System Generated Secret? drop-down menu.
- Click Save to accept the page settings.
-
A confirmation page displays the ASG secret
key number that must be entered into the ASG Key handheld device.
Displaying ASG Login Information
You can check on the status of an ASG login
whenever you need to.
To display ASG login information:
- Start at the Messaging Administration main menu and select under Security:
The system displays the Display
ASG Security Login Information page.
Disabling ASG Authentication
If you want to discontinue ASG protection for
a particular login, change the Authentication Type to Password. This
will allow access to the INTUITY AUDIX system with just the login ID
and password.
To disable ASG authentication:
- Start at the Messaging Administration main menu and select under Security
The system displays the ASG
Security Login Administration page.
- Select the Login ID (User ID) for which you
want to disable ASG authentication from the Login ID drop-down menu.
- Select Password from the Authentication Type?
drop-down menu.
- Click Save to accept the page settings.
A confirmation page displays.
Setting
and Resolving Violation Warnings
ASG tracks the number of unsuccessful login
attempts and the time between unsuccessful login attempts. If someone
exceeds the allowed number of failed login attempts, a warning is added
to the Alarm Log.
Setting Notification Limits
To set alarm parameters for ASG:
- Start at the Messaging Administration main menu and select under Security:
The system displays the Login
Security Violation Warning Administration page.
- Type a new value in the Number of failed login
attempts: field, if needed.
- Type a new value in the Failed login measurement
window: field, if needed.
- Click Save to accept the page settings.
- Specify whether you want to resolve an active ASG warning alarm
in the Resolve existing alarm? field. Select Yes to specify that you
want to resolve an active ASG warning alarm. Select No to specify
that you do not want to change the status of any active alarms.
A confirmation page displays.
Resolving ASG Violation Alarms
To resolve an ASG warning:
- Start at the Messaging Administration main menu and select under Security:
The system displays the Login
Security Violation Warning Administration page.
- Select Yes from the Resolve existing alarm?
menu.
- Click Save to accept the page settings.
A confirmation page displays.
Top of page
|
