Educause Security Discussion mailing list archives

Re: Tracking use of your central credentials

From: "Rowe, Ken" <kenrowe () UILLINOIS EDU>
Date: Thu, 20 Nov 2008 17:35:40 -0600

Bob,
I know when we transition to Banner 8.1 this next year we are enabling
Banner security auditing to track who connects to what when. However,
while Banner will be able to log the login/logout, we rely on our
enterprise authentication service for logging that information.

Hope that helps some. Let me know if you have additional questions.

Ken.

Ken Rowe
Director of Enterprise Systems Assurance and Information Security
University Office of Administrative Information Technology Services
University of Illinois
50 Gerty Drive, MC-673
Champaign, IL 61820
E kenrowe () uillinois edu
O 217.265.0415
C 217.778.7693
F 217.333.6991
-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Bob Bayn
Sent: Thursday, November 20, 2008 5:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Tracking use of your central credentials

I thought I asked these questions before, but didn't get any response.
I'll try framing them a little differently and see if anyone has
comparable issues or solutions.

We have central credentials based on our SCT Banner ID number, managed
in an ldap server and on domain servers, for authentication to a variety
of services including Banner, Exchange servers, USU-branded gmail,
Blackboard (cms), wikis, bulletin boards, lab access, desktop logins,
etc.  We are looking for a way to track or audit the uses of our central
credentials, either individually or collectively, on all of those
services.

After someone succumbs to a phishing message, we want to know when that
user's credentials were used so the user can identify instances that
were not legit.

We'd like to be able to tell which credentials are being used to login
from China so we can check with those users to see if they ARE in China.

We'd like to give our users access to a log of their own recent
credential transactions for their verification.

Is anybody doing anything like this?  If so, how?  If not, what other
way is there to get the assurance that credentials are being used only
by their rightful owner?


Bob Bayn     (435)797-2396     Security Team coordinator
"IT will NEVER ask for your password via email, honest!"
Office of Information Techology at Utah State University

Current thread:

Tracking use of your central credentials Bob Bayn (Nov 20)
- <Possible follow-ups>
- Re: Tracking use of your central credentials Bristol, Gary L. (Nov 20)
- Re: Tracking use of your central credentials Rowe, Ken (Nov 20)
- Re: Tracking use of your central credentials Mike Iglesias (Nov 20)
- Re: Tracking use of your central credentials Bob Bayn (Nov 20)
- Re: Tracking use of your central credentials Bob Bayn (Nov 20)