Educause Security Discussion mailing list archives
Re: Login/Logoff Activity
From: Justin Bennett <jbennett () MSJC EDU>
Date: Wed, 24 Apr 2013 15:56:33 -0700
I looked at this from a pure security aspect. Some types of data we audit, counter tactics, or evaluate, especially those types that could indicate an attack/brute force/rogue access to systems, seems confidential information to me and my organization that would not want to disclose. It's the same reason armored bank trucks have confidential and ever changing routes/dates/times - need to know and not everyone needs to. Justin Bennett Supervisor of Network Technology Information Technology jbennett () msjc edu Mt. San Jacinto College Phone 951-639-5090 http://www.msjc.edu Security Notice: MSJC Information Technology Staff will never ask for your password. Keep your passwords private to protect yourself and the security of our network. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Wednesday, April 24, 2013 3:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Login/Logoff Activity On Wed, 24 Apr 2013 15:01:36 -0400, Walter Moore said:
investigations. We have never made any effort to see see if people are accessing restricted systems when they are on sick leave or vacation.
Though the case can be made that if Joe Smith is known to be on vacation in Hawaii, any attempted access with his credentials from Zanzibar is probably suspect. On the other hand, a login from Zanzibar is even *more* suspect if Joe is sitting in his office. :) Similarly, it's pretty easy to establish a pattern of when I'm in my office, and when I come in via VPN from a relatively small chunk of Comcast cable address space, so if an attempt is made from a Starbuck's, that's probably well into the unusual... How many of you do anomaly analysis for stuff like this? And what sorts of anomalies have you found useful or not useful to track?
Current thread:
- Login/Logoff Activity Will Froning (Apr 23)
- Re: Login/Logoff Activity Justin Bennett (Apr 24)
- Re: Login/Logoff Activity Walter Moore (Apr 24)
- Re: Login/Logoff Activity Valdis Kletnieks (Apr 24)
- Re: Login/Logoff Activity Justin Bennett (Apr 24)
- Re: Login/Logoff Activity Harry Hoffman (Apr 24)
- Re: Login/Logoff Activity Will Froning (Apr 24)
- Re: Login/Logoff Activity Eric Case (Apr 24)
- Re: Login/Logoff Activity Will Froning (Apr 24)
- Re: Login/Logoff Activity Tim Doty (Apr 25)
- Re: Login/Logoff Activity Walter Moore (Apr 24)
- Re: Login/Logoff Activity Justin Bennett (Apr 24)
- Re: Login/Logoff Activity Eric Case (Apr 24)
- <Possible follow-ups>
- Re: Login/Logoff Activity Shane Williams (Apr 25)