Educause Security Discussion mailing list archives
Re: Login/Logoff Activity
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 24 Apr 2013 18:24:09 -0400
On Wed, 24 Apr 2013 15:01:36 -0400, Walter Moore said:
> investigations. We have never made any effort to see if people are accessing restricted systems when they are on sick leave or vacation.
Though the case can be made that if Joe Smith is known to be on vacation in Hawaii, any attempted access with his credentials from Zanzibar is probably suspect. On the other hand, a login from Zanzibar is even *more* suspect if Joe is sitting in his office. :)

Similarly, it's pretty easy to establish a pattern of when I'm in my office, and when I come in via VPN from a relatively small chunk of Comcast cable address space, so if an attempt is made from a Starbucks, that's probably well into the unusual...

How many of you do anomaly analysis for stuff like this? And what sorts of anomalies have you found useful or not useful to track?
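
The two checks described in the message above, as an added example that is not part of the original post: a per-user baseline of source networks, and a remote login while the same account has an open on-campus session. The log tuples, the /24 grouping, the campus range and all addresses are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PREFIX = 24  # assumed granularity for "a relatively small chunk" of ISP space
CAMPUS = ipaddress.ip_network("198.51.100.0/24")  # constructed campus range

# Constructed sample records: (ISO timestamp, user, source IP, action)
HISTORY = [
    ("2013-04-01T08:55", "joe", "198.51.100.20", "login"),
    ("2013-04-01T17:05", "joe", "198.51.100.20", "logoff"),
    ("2013-04-01T20:10", "joe", "203.0.113.45", "login"),
    ("2013-04-01T21:00", "joe", "203.0.113.45", "logoff"),
]
EVENTS = [
    ("2013-04-24T09:00", "joe", "198.51.100.20", "login"),
    ("2013-04-24T10:15", "joe", "203.0.113.99", "login"),   # usual ISP, but Joe is in the office
    ("2013-04-24T17:00", "joe", "198.51.100.20", "logoff"),
    ("2013-04-24T19:30", "joe", "192.0.2.200", "login"),    # network never seen for Joe
]

def network_of(ip, prefix=PREFIX):
    """Collapse an address to its enclosing network so DHCP churn stays in-baseline."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def build_baseline(history):
    """Map user -> set of source networks seen at login during the training window."""
    baseline = defaultdict(set)
    for _ts, user, ip, action in history:
        if action == "login":
            baseline[user].add(network_of(ip))
    return baseline

def find_anomalies(events, baseline, campus=CAMPUS):
    """Return (timestamp, user, ip, reason) for logins that break the user's pattern."""
    on_campus, alerts = set(), []   # on_campus: users with an open on-campus session
    for ts, user, ip, action in sorted(events):
        local = ipaddress.ip_address(ip) in campus
        if action == "logoff":
            if local:
                on_campus.discard(user)
            continue
        if local:
            on_campus.add(user)
        elif user in on_campus:
            alerts.append((ts, user, ip, "remote login while on-campus session open"))
        if network_of(ip) not in baseline.get(user, set()):
            alerts.append((ts, user, ip, "source network not in baseline"))
    return alerts

if __name__ == "__main__":
    for alert in find_anomalies(EVENTS, build_baseline(HISTORY)):
        print(*alert)
```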