Firewall Wizards mailing list archives
Re: Passwords
From: Rick Smith <rick_smith () securecomputing com>
Date: Wed, 13 Oct 1999 12:45:54 -0500
At 12:19 PM 10/13/99 -0500, Don Helms wrote:
However, you can track the activity on a given account and see if the
patterns
change. For example, the guy that logs in to one app every moorning, does
his
work and goes home. If suddenly that user is running this app, that app and poking round at random, his password might have been compromised. Also keep an eye on time of day for new and unusual activity.
Does anyone have experience with such a thing in an operational environment? My impression was that these systems were had very limited benefits. At most they might help with network and server performance tuning, not security. In the real world it seemed that they'd either be useless at detecting intrusions or they'd be constantly nagged with false alarms (i.e. changes from one project to another). The fact that an intrusion took place doesn't prove the password was compromised, though it's probably the way to bet with most systems these days. Rick. smith () securecomputing com "Internet Cryptography" at http://www.visi.com/crypto/
Current thread:
- Passwords Rex Murphy (Oct 06)
- Re: Passwords Rick Smith (Oct 12)
- Re: Passwords Don Helms (Oct 16)
- Message not available
- Re: Passwords Rick Smith (Oct 16)
- Re: Passwords Rick Smith (Oct 12)
- <Possible follow-ups>
- RE: Passwords sean . kelly (Oct 12)
- RE: Passwords Siglite (Oct 16)
- RE: Passwords Peter J. Kunz (Oct 16)
- RE: Passwords LeGrow, Matt (Oct 18)
- RE: Passwords Doty, Ted (ISSAtlanta) (Oct 18)
- Re: Passwords Vin McLellan (Oct 18)