Monitoring Mailbox Logon And Thru-Dialing Activities; Nortel Callpilot; Administrator Guide; Nn44200-601 01.11 Standard - Nortel CallPilot Administrator's Manual

104 Chapter 7 Security recommendations
•
•
•
Notification of suspicious activity
You can find out about the generated alarms by
•
•
•

Monitoring mailbox logon and thru-dialing activities

If you suspect abuse of mailbox privileges, you can monitor mailbox logon
and thru-dialing activities. After you determine the cause of suspicious
activity and resolve the problem, remove the corresponding mailboxes from
the monitoring list.
Alarms that can be generated
The following alarms are generated whenever a logon or thru-dial attempt
originates from a monitored mailbox:
Event number
55703
55717
55750
Copyright © 2007, Nortel Networks
.
custom applications that hackers may be using for unauthorized thru-dial
activities
SMTP/VPIM IP addresses, user IDs, and FQDNs
the number of successful and unsuccessful logins to CallPilot Manager
and Application Builder
viewing the Alarms Monitor regularly to learn of new alarms
setting up an alarm mailbox so that whenever an alarm is generated, the
system sends a voice message to the mailbox to alert you
enabling remote notification for the alarm mailbox so you are notified of
new alarm messages immediately at a specified number, such as a
pager or cell phone
Note: An event code is generated each time someone logs on to a
mailbox or the thru-dial process transfers a call from it.
Description
Unknown system error occurred while attempting to
transfer a call for an Application Builder application
OR
Unknown system error occurred in the Call Transfer
block of an Application Builder application.
A thru-dial block uses name or both name and number
dialing, but no name prefix is defined for the name
dialing service.
Successful login to a mailbox from a directory number
(DN) monitored by Hacker Monitor.

Nortel CallPilot

Administrator Guide

NN44200-601 01.11 Standard

5.0 9 November 2007