Educause Security Discussion mailing list archives
Re: Tracking use of your central credentials
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 20 Nov 2008 17:44:40 -0700
Thanks, Mike. I used to do that sort of thing with our old credential system that served our email system and things like the proxy and vpn servers. But now all the logs are distributed and under the control of various sysadmins. I'm looking for support for a way to get those logs pooled again with a query tool that the security team will have access to. But, thanks for the example of someone who is able to do some of this. Bob Bayn (435)797-2396 Security Team coordinator "IT will NEVER ask for your password via email, honest!" Office of Information Techology at Utah State University ________________________________________ From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Iglesias [iglesias () UCI EDU] Sent: Thursday, November 20, 2008 4:55 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Tracking use of your central credentials Bob Bayn wrote:
We'd like to be able to tell which credentials are being used to login from China so we can check with those users to see if they ARE in China.
If you can parse your logs with perl, you can use the Geo::IP::PurePerl module (available from CPAN) to get the two character country code for the IP used, and then generate your reports based on that. For example, we use that module to generate reports for users of our VPN service so they can tell if their ID/password is being misused from outside the US. You do have to keep a database up to date but it's only updated once a month at the source so it's not that hard. Just download the new file and replace the old one with it. -- Mike Iglesias Email: iglesias () uci edu University of California, Irvine phone: 949-824-6926 Network & Academic Computing Services FAX: 949-824-2270
Current thread:
- Tracking use of your central credentials Bob Bayn (Nov 20)
- <Possible follow-ups>
- Re: Tracking use of your central credentials Bristol, Gary L. (Nov 20)
- Re: Tracking use of your central credentials Rowe, Ken (Nov 20)
- Re: Tracking use of your central credentials Mike Iglesias (Nov 20)
- Re: Tracking use of your central credentials Bob Bayn (Nov 20)
- Re: Tracking use of your central credentials Bob Bayn (Nov 20)