Educause Security Discussion mailing list archives
Re: Password Cracking & Consequences
From: Michael Mills <mmills () RKON COM>
Date: Fri, 27 Aug 2004 13:12:17 -0500
On windows systems, you can configure audit events that will track these things. Also a good point you made was in the real-time event reporting tools that are available. Having a log consolidation/management, and alerting escalation program is a wise investment for any university. Also surprisingly cost effective. One of the many products out there http://www3.ca.com/Solutions/Product.asp?ID=4351 Again www.sans.org is a good spot to get advice on the creation of audit and password policies. Michael Mills -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Friday, August 27, 2004 11:33 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password Cracking & Consequences Michael Mills wrote:
Actually is does matter. If the IT staff "Cracks" users accounts then the IT staff can log on as that user and do as they wish (any department for that matter). However if that same IT person changes that users password and then logs on as that person, an audit trail is created. Even if that
IT
user would delete that audit trail, that deletion would show up in the
audit
trail.
That may be the intention but I don't know of too many commercial operating systems and applications that can protect an audit trail from a privileged user. Add-on tools could be used to transfer events in real-time to another system but how many people are using them? Even if you did, you'd have the same issue about trust in the auditors. -- Gary Flynn Security Engineer James Madison University ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Password Cracking & Consequences, (continued)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Theresa M Rowe (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Eric Pancer (Aug 27)
- Re: Password Cracking & Consequences Christian Wilson (Aug 27)
- Re: Password Cracking & Consequences Justin Azoff (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Scott Bradner (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Mike Austin (Aug 27)
- Re: Password Cracking & Consequences Davis, Thomas R. (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Gary Flynn (Aug 27)
- Re: Password Cracking & Consequences Michael Mills (Aug 27)
- Re: Password Cracking & Consequences Cal Frye (Aug 28)
- Re: Password Cracking & Consequences Jere Retzer (Aug 28)
(Thread continues...)