Educause Security Discussion mailing list archives
Auditing the use of our Central Credentials
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 6 Nov 2008 09:34:59 -0700
We have a new central credential authentication system this year. It's home grown and has no log auditing capabilities. We know from experience with the scattered systems that it replaced that auditing capability is useful. We've identified sources of password guessing, sources of unauthorized password use (were you in China yesterday? Your password was.) and have watched for uses of passwords exposed by successful phishing.

At the moment, management is satisfied that the authentication system works and is relatively unconcerned about our inability to audit the uses of the system.

So, I'm looking for info about how other institutions audit the use of authentication credentials, and especially anecdotes about how that capability is valuable for preserving and ensuring security and protection of information.

Bob Bayn (435)797-2396
Security Team coordinator
Office of Information Technology at Utah State University