AlertMobile 4.0 Light for Windows NT/2000


- INTRODUCTION -

AlertMobile is a special software for computer security incidents responce. 
It monitors all attempts of unauthorized computer activity, sends SMS alerts 
to mobile device, receives and handles responce commands. AlertMobile Light 
has the following features: 
 
- Recording of user logon name, date, time and computer name 
- Monitoring of active tasks list 
- Handling of critical programs list 
- Sending of SMS alerts to the security administrator's mobile phone 
- Receiving of control commands from the security administrator's mobile phone 
- Protection from unauthorized external access 

AlertMobile can be used by security administrators for control of the corporate 
security policy, by parents for monitoring of their children computer activity, 
or by anyone else who wants to ensure that nobody uses his or her computer 
without permission. 


- INSTALLATION -

To install AlertMobile Light on your computer you have to:

1.  Unpack (unzip) all files from the distribution package (downloaded zip 
    file) to some temporary folder. You could use WinZip software 
    (http://www.winzip.com) or similar to do that. 
2.  Run amlightd.exe file and follow the instructions. 
3.  Run the Configuration Utility to set up all necessary options and enable 
    monitoring. 

NOTE: You must have the Administrator's privileges to successfully install 
AlertMobile Light. 


- UNINSTALLATION -

You can uninstall AlertMobile 4.0 Light from Add/Remove Programs applet of 
Control Panel.


- CONFIGURATION TOOL -

Run AlertMobile Light Configuration Tool to set up all necessary options. 
The Configuration Tool is made as a property sheet and has the following tabs:

- Service Control
- Monitoring
- Sender Settings
- Remote Administration
- Event Log
- Security
- Packet Fields
- About


- Service Control -

In this tab you can control the status of AlertMobile service. Press the 
button "Start monitoring" to run the service or "Stop monitoring" to stop 
it. By default, the service is configured to run automatically on system 
startup. So it will be activated again after system restart in any case. 
You can change the startup option manually via the Service Control Manager. 
In active state, when monitoring is enabled, you will receive the notifications 
about selected events on your mobile device. All events that can be monitored 
are listed in the next tab. The notifications are sent as short text messages 
(SMS) in special format, described in the section "Packet Fields". You should 
configure "Sender Settings" to receive SMS alerts on your mobile phone. 
When monitoring is disabled, no alerts will be sent to your mobile device. For 
example, you can disable monitoring while working on the computer yourself, when 
you are sure that no one else can logon to your system or run your critical 
applications. When you finish your work, you can either run the configuration 
utility and enable monitoring, or just shut down the system. On the next power 
up AlertMobile will be started automatically and you will immediately receive an 
SMS alert. You should not worry any more that somebody can use your computer 
without your awareness of it. 
 

- Monitoring -

In this tab you can configure all monitoring options available in the Light 
version of AlertMobile. 
There are two things that you can control - system logon and running of selected 
programs. If any of these events occurs you will receive an SMS alert. 
Checking the options below the system logon will enable including of this 
information to SMS text. For example, if you check "User name" then the name of 
currently logged on user will be included in SMS alert about system logon. 
Checking the option "Program activation" will enable monitoring of active tasks 
list. If any of selected programs starts, you will receive an SMS alert on your 
mobile phone. Use Add and Remove buttons to create a list of monitored programs. 

 
- Sender Settings -

In this section you must provide all information necessary to send the SMS alerts 
to your mobile device. 
SMS are sent using the electronic gate that coverts the emails to short text 
messages for mobile phones. Usually most cellular operators have their own such 
gates that can be used free of charge by their clients. Besides, there are also 
free public gates available to anyone all around the world. The most popular 
example - ICQ's SMS service. You can use it by entering you full mobile number 
beginning with "+" and after it "@icqsms.com", for example: 
+xxxxxxxxxxx@icqsms.com, where "x" is a digit of your mobile number. 
Other options, including SMTP server settings, are self-explanatory. 
 

- Remote Administration -

With AlertMobile you can remotely control the computer using your mobile phone. 
In the Light version there is only one option available to demonstrate the power 
of this feature. You can send messages from your mobile phone and they will be 
displayed on the computer screen. 
Most cellular operators take charge for outgoing SMS messages, so this feature is 
disabled by default. 
Remote administration is implemented via POP3 server. You send the control 
commands of specified format to email address. AlertMobile checks this email 
address for new messages. 
To send the control command choose "New message" item on your mobile phone. 
Then type: 
                    email@address MSG Message text
and send this message to a number of SMS-to-Email gate provided by your cellular 
operator. 
MSG is the AlertMobile's control command for displaying of message. 
email@address is the address of POP3 server account used by AlertMobile to receive 
control commands. It is not recommended to use your existing mail account because 
AlertMobile locks it to avoid conflicts. You should create for this purpose a new 
account on your corporate mail server (recommended) or on some freeware public 
mail server with support of POP3 protocol. Provide the information about this 
account (server address, name and password) in "POP3 server settings" section. 
NOTE: If message IDs are enabled in security settings, you should use the following 
command: 
                 email@address xxxxxxxx MSG Message text
where xxxxxxxx is the ID of last received SMS alert. 


- Event Log -

AlertMobile operates quite silently. It does not produce any informational or 
warning messages that would tell the user about the presence of some monitoring 
tool on the computer. But the security administrator needs some diagnostic 
information to see whether AlertMobile works properly. For this purpose the 
auditing of selected events is provided. The informational, warning or error 
messages during the AlertMobile operation can be audited to the Application Log. 
Then the security administrator uses Event Viewer to see these messages. 
Use this option accurately because, if everything is selected, a lot of 
information is produced to the Application Log. 
 

- Security -

You can protect AlertMobile Configuration Utility with logon password. 
Maximal password length is 50 characters. Passwords are case-sensitive. Any 
printed characters are accepted. Remember about general password requirements - 
not to enter your name etc. 
The next option is to include IDs in every SMS alert sent to your mobile phone. 
These IDs protect the system from spoofing with false control commands sent by 
malicious users. If IDs are not used, anyone who knows the POP3 server account 
used by AlertMobile and format of control commands can remotely send to your 
computer any messages. But if you enable IDs, in every SMS you will see the 
additional field "ID: xxxxxxxx", where xxxxxxxx is a random sequence of 8 
characters from the range 0-9, a-z, A-Z. Then, if you want to reply from your 
mobile phone on the received SMS alert with some message, you have to put its 
ID before the control command. See "Remote Administration" section for example. 
 

- Packet Fields -

You can adjust the standard names of data fields used by AlertMobile for sending 
of SMS alerts and receiving of control commands. Usually it is not recommended 
to modify the default values, they are given for your information. Description 
of fields: 
ID - Message identifier. Used for identification of incoming messages to prevent 
the system from spoofing with false control commands. 
EV - Event type. Shows the type of event that caused the SMS alert to be produced. 
EV: Startup - Operating system startup and user logon. 
EV: Process - Process activation. Activation of a process from controlled programs 
list. 
EV: Confirm - Command confirmation. Confirmation of the response command execution. 
CN - Computer name. The name of computer where the monitored event has occurred. 
UN - User name. The name of currently logged on user. 
PN - Process name. The name of started process from the controlled programs list. 
DT - Date and time when the monitored event has occurred. 
MSG - Control command that can be sent from a mobile device for displaying a 
message on a computer screen. 
ST - Command execution status. Shows whether the response command was successfully 
executed. 
 

- DEMO VERSION LIMITATION -

Unregistered version of AlertMobile 4.0 Light is completely functional except 
the warning message on Windows startup. This message tells the user that he or she 
works under monitoring program. The message disappears after program registration. 


- CONTACT US -

Technical support: support@softsecurity.com
FAX: (508) 355-8507 (US Location) 
 

             Copyright (C) 2000-2001 Anna Ltd. All rights reserved.
 
