Firewall Wizards mailing list archives

RE: Passwords

From: "LeGrow, Matt" <Matt_LeGrow () NAI com>
Date: Mon, 18 Oct 1999 07:44:04 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the computer networking world , i've never heard nor seen an
example of such.  However I was under the impression that pattern
usage detection was used in  telecommunications, especially the
cellular phone industry by some providers (Nynex springs to mind), at
least with moderate success, to detect cellular fraud.

Matt LeGrow
Network Associates, Inc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Note: Opinions expressed herein are most certainly NOT that of my
employer:-)

-----Original Message-----
From: Rick Smith [mailto:rick_smith () securecomputing com]
Sent: Wednesday, October 13, 1999 1:46 PM
To: Don Helms; firewall-wizards () nfr net
Subject: Re: Passwords


At 12:19 PM 10/13/99 -0500, Don Helms wrote:

However, you can track the activity on a given account and see if
the

patterns

change.  For example, the guy that logs in to one app every

moorning, does
his

work and goes home.  If suddenly that user is running this

app, that app and

poking round at random, his password might have been

compromised.  Also keep

an eye on time of day for new and unusual activity.


Does anyone have experience with such a thing in an operational
environment? My impression was that these systems were had 
very limited
benefits. At most they might help with network and server
performance tuning, not security. In the real world it seemed that
they'd  either be useless at detecting intrusions or they'd be
constantly  nagged with false alarms (i.e. changes from one project
to another).  

The fact that an intrusion took place doesn't prove the password
was compromised, though it's probably the way to bet with most 
systems these days.  

Rick.
smith () securecomputing com
"Internet Cryptography" at http://www.visi.com/crypto/


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBOAsyNRzV4nRUHFtQEQIh2gCg1Y4qtOIt/BRjchy5XyJacGbz7B0An13b
JjUS/0YlCooLZEV/cuRqqsn3
=gc1w
-----END PGP SIGNATURE-----

Current thread:

Passwords Rex Murphy (Oct 06)
- Re: Passwords Rick Smith (Oct 12)
  - Re: Passwords Don Helms (Oct 16)
  - Message not available
    - Re: Passwords Rick Smith (Oct 16)
- <Possible follow-ups>
- RE: Passwords sean . kelly (Oct 12)
  - RE: Passwords Siglite (Oct 16)
  - RE: Passwords Peter J. Kunz (Oct 16)
- RE: Passwords LeGrow, Matt (Oct 18)
- RE: Passwords Doty, Ted (ISSAtlanta) (Oct 18)
- Re: Passwords Vin McLellan (Oct 18)