AlertMobile 4.0 Pro for Windows NT/2000
 

- INTRODUCTION -

AlertMobile is software for computer security incident response. It monitors
all attempts at unauthorized computer activity, sends SMS alerts to a mobile
device, and receives and handles response commands. AlertMobile Pro has the
following features:
 
- Recording of user logon name, date, time and computer name 
- Monitoring of active tasks list 
- Handling of critical programs list 
- Sending of SMS alerts to the security administrator's mobile phone 
- Receiving of control commands from the security administrator's mobile phone 
- Protection from unauthorized external access 
- Protection from unauthorized physical access 

With  control  commands  you  can remotely administer your computer via mobile
phone. Just send the SMS from your mobile and one of the following actions can
be performed:
 
- Displaying of messages sent from mobile phone 
- Disabling of user's account and forcing system restart 
- Termination of active process 
- Termination of all active processes from monitored processes list 
- Locking of active process 
- Locking of all active processes from monitored processes list 
- Dismounting of all protected drives 
- Tracing the route of stolen or lost notebook or desktop PC 
- Sending to mobile phone the confirmation of command execution status 

AlertMobile  can  be  used  by  security  administrators  for  control  of the
corporate  security  policy,  by  parents  for  monitoring  of  their children
computer  activity, or by anyone else who wants to ensure that nobody uses his
or her computer without permission.


- INSTALLATION -

Before  installation  be sure to completely uninstall the previous versions or
modifications of AlertMobile.

To install AlertMobile Pro on your computer you have to:

1.  Unpack  (unzip)  all  files  from the distribution package (downloaded zip
file)    to   some   temporary   folder.   You   can   use   WinZip   software
(http://www.winzip.com) or similar to do that.
2. Run amprod.exe file and follow the instructions. 
3.  Run  the  Configuration Utility to set up all necessary options and enable
monitoring.

NOTE:  You  must  have  the Administrator's privileges to successfully install
AlertMobile.


- UNINSTALLATION -

You  can  uninstall  AlertMobile  4.0  Pro  from Add/Remove Programs applet of
Control Panel.


- CONFIGURATION TOOL -

Run  AlertMobile  Configuration  Utility  to set up all necessary options. The
Configuration Utility is made as a property sheet and has the following tabs:

- Service Control
- Monitoring
- Sender Settings
- Remote Administration
- Advanced
- Response
- Event Log
- Security
- Packet Fields
- About


- Service Control -

In  this  tab  you  can  control  the status of AlertMobile service. Press the
button  "Start monitoring" to run the service or "Stop monitoring" to stop it.
By  default, the service is configured to run automatically on system startup.
So it will be activated again after system restart in any case. You can change
the startup option manually via the Service Control Manager.

In   active   state,   when  monitoring  is  enabled,  you  will  receive  the
notifications about selected events on your mobile device. All events that can
be  monitored  are listed in the next tab. The notifications are sent as short
text  messages  (SMS)  in  special  format,  described  in the section "Packet
Fields".  You should configure "Sender Settings" to receive SMS alerts on your
mobile phone.

When monitoring is disabled, no alerts will be sent to your mobile device. For
example,  you  can  disable monitoring while working on the computer yourself,
when  you  are  sure  that  no  one  else can logon to your system or run your
critical  applications.  When  you  finish  your  work, you can either run the
configuration  utility and enable monitoring, or just shut down the system. On
the  next  power  up  AlertMobile  will  be started automatically and you will
immediately  receive an SMS alert. You should not worry any more that somebody
can use your computer without your awareness of it.
 

- Monitoring -

In  this tab you can configure all monitoring options available in the current
version of AlertMobile.

There  are  two  things  that  you  can  control - system logon and running of
selected  programs.  If  any  of  these  events occurs you will receive an SMS
alert.

Checking the options listed below the system logon option includes the
corresponding information in the SMS text. For example, if you check "User
name", the name of the currently logged on user will be included in the SMS
alert about system logon.

Checking the option "Monitored programs list" will enable monitoring of active
processes  list.  If  any of selected programs starts, you will receive an SMS
alert  on  your  mobile  phone. Use Add and Remove buttons to create a list of
monitored  programs. This list is also used by the control commands "Terminate
all  active  processes  from  monitored  processes  list" and "Lock all active
processes from monitored processes list".
 

- Sender Settings -

In  this  section  you  must provide all information necessary to send the SMS
alerts to your mobile device.

SMS alerts are sent through an electronic gate that converts emails to short
text messages for mobile phones. Most cellular operators usually have their
own gates, which their clients can use free of charge. There are also free
public gates available to anyone around the world. The most popular example
is ICQ's SMS service. To use it, enter your full mobile number beginning with
"+", followed by "@icqsms.com", for example:

			+xxxxxxxxxxx@icqsms.com

where "x" is a digit of your mobile number.

Other options, including SMTP server settings, are self-explanatory.


- Remote Administration -

With  AlertMobile  you  can  remotely  control  the computer using your mobile
phone.

In the current version there are 6 control commands available:

- Display messages sent from mobile phone (MSG by default)
- Disable user account and force system restart (LOCK by default)
- Terminate active process (KILL by default)
- Terminate all active processes from monitored processes list (KILLALL by
  default)
- Lock active process (PROCLOCK by default)
- Lock all active processes from monitored processes list (LOCKALL by default)

Most cellular operators charge for outgoing SMS messages, so this feature is
disabled by default.

Remote administration is implemented via a POP3 server. You send control
commands in the specified format to an email address, and AlertMobile checks
that email address for new messages.

To  send  the  control command choose "New message" item on your mobile phone.
Then type:

			email@address CMD param

and send this message to the number of the SMS-to-Email gate provided by your
cellular operator.

email@address  is  the  address  of POP3 server account used by AlertMobile to
receive  control  commands.  It  is  not recommended to use your existing mail
account because AlertMobile locks it to avoid conflicts. You should create for
this  purpose  a new account on your corporate mail server (recommended) or on
some  freeware  public  mail server with support of POP3 protocol. Provide the
information  about  this  account  (server  address, name and password) in the
"Response" tab.

CMD  is  the AlertMobile's control command (MSG, LOCK, KILL, KILLALL, PROCLOCK
or LOCKALL).

param is the command parameter, if required. For MSG command param is the text
of message, for example:

		email@address MSG Who is working on my PC?

For LOCK command param is the name of user's account, for example:

			email@address LOCK john

After system restart the user john will not be able to log on.

For KILL and PROCLOCK commands param is the process identifier, for example:

			email@address KILL 77
or

			email@address PROCLOCK 77

When  you  receive  the  SMS  about  activation  of  a  process from monitored
processes  list, there is the process identifier included in the field "PI: ".
You  can  use  this identifier in KILL and PROCLOCK commands. The command KILL
just  terminates the active process. The command PROCLOCK first terminates the
process and then locks it, so nobody can start it again until system restart.

The commands KILLALL and LOCKALL do not require any parameters. They terminate
and/or lock all currently active processes specified in the "Monitoring" tab.
For example:

			email@address KILLALL
or

			email@address LOCKALL

NOTE:  If  message  IDs  are  enabled  in  security settings, you must use the
following format of control commands:

			email@address xxxxxxxx CMD param

where xxxxxxxx is the ID of last received SMS alert.

If  the option "Send to mobile phone confirmation of command execution status"
is  enabled,  you  will receive a notification SMS after execution of command.
"ST: +O" means that all is OK, "ST: -F" means that command failed.

For security reasons, you can change the standard names of control commands to
your own unique names. See the "Packet Fields" tab.


- Advanced -

Advanced options include two additional response commands:

- Trace route of monitored PC to selected host (ROUTE by default)
- Dismount all StrongDisk-protected drives (DSMT by default)

Advanced options also allow you to remotely control a set of sensing units
plugged into a COM port for physical protection of rooms, safes, etc.

Commands ROUTE and DSMT are used without parameters. For example: 

			email@address ROUTE
			
			email@address DSMT

Upon  execution  of ROUTE command you will receive on your mobile phone a list
of 5 route IP-addresses.

NOTE:  If  message  IDs  are  enabled  in  security settings, you must use the
following format of control commands:

			email@address xxxxxxxx ROUTE

			email@address xxxxxxxx DSMT

where xxxxxxxx is the ID of last received SMS alert. 

If physical protection is enabled, you will receive SMS alerts when
AlertMobile detects that any of the sensing units is in the signalled state.
You must select the number of the COM port that the set of sensing units is
plugged into. You must also set the time gap of alert actuation.

Be  very  careful while using this feature. Read section 5 of End User License
Agreement (license.txt).

For additional information, see RS-232 interface characteristics and signals. 
 

- Response -

AlertMobile receives response commands from the administrator's mobile phone
using a POP3 server. Settings in this tab are available if remote
administration is enabled.

It  is  not  recommended to use your existing mail account because AlertMobile
locks  it to avoid conflicts. You should create for this purpose a new account
on  your  corporate  mail server (recommended) or on some freeware public mail
server  with  support  of  POP3  protocol.  Provide the information about this
account (server address, name and password) in "POP3 server settings" section.

 

- Event Log -

AlertMobile  operates quite silently. It does not produce any informational or
warning  messages  that  would  tell  the  user  about  the  presence  of some
monitoring  tool  on  the  computer. But the security administrator needs some
diagnostic  information  to  see  whether AlertMobile works properly. For this
purpose  the  auditing  of  selected  events  is  provided. The informational,
warning  or  error messages during the AlertMobile operation can be audited to
the  Application Log. Then the security administrator uses Event Viewer to see
these messages.

Use this option carefully because, if everything is selected, a lot of
information is written to the Application Log.
 

- Security -

You can protect AlertMobile Configuration Utility with logon password. 

The maximum password length is 50 characters. Passwords are case-sensitive.
Any printable characters are accepted. Remember the general password
requirements, such as not using your name.

The next option is to include IDs in every SMS alert sent to your mobile
phone. These IDs protect the system from spoofing with false control commands
sent by malicious users. If IDs are not used, anyone who knows the POP3 server
account used by AlertMobile and the format of control commands can remotely
send any messages to your computer. If you enable IDs, every SMS will contain
the additional field "ID: xxxxxxxx", where xxxxxxxx is a random sequence of
8 characters from the range 0-9, a-z, A-Z. Then, if you want to reply from
your mobile phone to a received SMS alert with some message, you have to put
its ID before the control command. See the "Remote Administration" section for
an example.

Safeguards that give you maximal protection from malicious intruders:

- Special email address used by AlertMobile to receive control commands
- Unique names of control commands
- Message IDs in every SMS
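
The following Python function is an added example, not AlertMobile's own code
(this README does not describe how the product validates commands). It checks
a received command against the rules stated in this document: an 8-character
ID matching the last alert, a case-sensitive command name, and the parameter
each command expects. It assumes the SMS-to-Email gate has already removed the
email address, so the body is "[ID] CMD [param]", and that process identifiers
are decimal numbers; parse_command and _pop_token are hypothetical names.

```python
import hmac
import re

# Default command names from "Packet Fields"; value is the parameter rule.
COMMANDS = {
    "MSG": "text", "LOCK": "name", "KILL": "pid", "PROCLOCK": "pid",
    "KILLALL": None, "LOCKALL": None, "ROUTE": None, "DSMT": None,
}
ID_RE = re.compile(r"[0-9A-Za-z]{8}")   # 62**8 values, about 47.6 bits
PID_RE = re.compile(r"[0-9]+")          # assumption: PIDs are decimal


def _pop_token(text):
    """Split off the first whitespace-delimited token; return (token, rest)."""
    parts = text.strip().split(None, 1)
    if not parts:
        return "", ""
    return parts[0], parts[1].strip() if len(parts) > 1 else ""


def parse_command(body, last_alert_id=None):
    """Validate '[ID] CMD [param]' and return (cmd, param).

    last_alert_id=None models the "IDs disabled" setting. Raises ValueError
    on anything that does not match the documented format.
    """
    rest = body
    if last_alert_id is not None:
        msg_id, rest = _pop_token(rest)
        if not ID_RE.fullmatch(msg_id):
            raise ValueError("missing or malformed message ID")
        # Constant-time comparison so timing does not leak matching prefixes.
        if not hmac.compare_digest(msg_id.encode(), last_alert_id.encode()):
            raise ValueError("message ID does not match the last alert")
    cmd, param = _pop_token(rest)
    if cmd not in COMMANDS:              # exact match: names are case-sensitive
        raise ValueError("unknown command")
    rule = COMMANDS[cmd]
    if rule is None and param:
        raise ValueError(cmd + " takes no parameter")
    if rule is not None and not param:
        raise ValueError(cmd + " requires a parameter")
    if rule == "pid" and not PID_RE.fullmatch(param):
        raise ValueError("process identifier must be numeric")
    return cmd, param or None


# Constructed sample: the README's KILL example with a made-up ID.
print(parse_command("aB3dE9xZ KILL 77", last_alert_id="aB3dE9xZ"))
```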


- Packet Fields -

You  can  adjust  the  standard  names  of data fields used by AlertMobile for
sending  of  SMS  alerts  and receiving of control commands. Your own names of
control  commands  can serve as additional security measure. Some other fields
you cannot change. The full description follows:

Alert fields: 

ID  -  Message  identifier.  Used  for  identification of incoming messages to
prevent the system from spoofing with false control commands.
EV: Startup - Operating system startup and user logon. 
EV: Process - Process activation. Activation of a process from controlled
programs list. 
EV: Route - Trace route. Tracing of route from monitored PC to selected host. 
EV:  Signal  - Signalization actuation. Some of sensing units plugged into COM
port are in signalled state.
EV: Confirm - Command confirmation. Confirmation of the response command
execution. 
CN  -  Computer  name.  The  name  of  computer  where the monitored event has
occurred.
UN - User name. The name of currently logged on user. Can be used with control
command LOCK.
PN  -  Process  name.  The name of started process from the monitored programs
list.
PI - Process identifier. Can be used with control commands KILL and PROCLOCK. 
DT - Date and time when the monitored event has occurred. 
IP - List of route IP addresses. 
ST: +O - Response command execution status. All is OK. 
ST: -F - Response command execution status. Command failed. 

Command fields: 
MSG - Display messages sent from mobile phone. 
LOCK - Disable user account and force system restart. 
KILL - Terminate active process. 
KILLALL - Terminate all active processes from monitored processes list. 
PROCLOCK - Lock active process. 
LOCKALL - Lock all active processes from monitored processes list. 
ROUTE - Trace route of monitored PC to selected host. 
DSMT - Dismount all StrongDisk-protected drives. 

Command names cannot contain spaces. Command names are case-sensitive. 
 

- UNREGISTERED VERSION LIMITATION -

The unregistered version of AlertMobile 4.0 Pro is fully functional except
for a warning message on Windows startup. This message tells the user that he
or she is working under a monitoring program. The message disappears after
program registration.

Warning: you can use the unregistered version for 15 days only. 


- ONLINE REGISTRATION -

To register AlertMobile 4.0 Pro online, please go to:
   http://www.softsecurity.com/order.html?ref=am4pro


- CONTACT US -

Technical support: support@softsecurity.com
FAX: (508) 355-8507 (US Location) 


             Copyright (C) 2000-2001 Raytown Corp. All rights reserved.
