Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Cracking & Consequences

From: Michael Mills <mmills () RKON COM>
Date: Fri, 27 Aug 2004 13:12:17 -0500
On windows systems, you can configure audit events that will track these
things.  Also a good point you made was in the real-time event reporting
tools that are available.  Having a log consolidation/management, and
alerting escalation program is a wise investment for any university.  Also
surprisingly cost effective.

One of the many products out there
http://www3.ca.com/Solutions/Product.asp?ID=4351

Again www.sans.org is a good spot to get advice on the creation of audit and
password policies.


Michael Mills

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn
Sent: Friday, August 27, 2004 11:33 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Cracking & Consequences

Michael Mills wrote:


Actually is does matter.  If the IT staff "Cracks" users accounts then the
IT staff can log on as that user and do as they wish (any department for
that matter).  However if that same IT person changes that users password
and then logs on as that person, an audit trail is created.  Even if that

IT

user would delete that audit trail, that deletion would show up in the

audit

trail.


That may be the intention but I don't know of
too many commercial operating systems and
applications that can protect an audit trail
from a privileged user. Add-on tools could be
used to transfer events in real-time to another
system but how many people are using them? Even
if you did, you'd have the same issue about trust
in the auditors.


--
Gary Flynn
Security Engineer
James Madison University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the individual named. If you are not the named 
addressee you should not disseminate, distribute or copy this e-mail.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.
Previous By Date Next
Previous By Thread Next

Current thread: