Home page logo
/

educause logo Educause Security Discussion mailing list archives

Auditing the use of our Central Credentials
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 6 Nov 2008 09:34:59 -0700

We have a new central credential authentication system this year.  It's home grown and has no log auditing 
capabilities.  We know from experience with the scattered systems that it replaced that auditing capability is useful.  
We've  identified sources of password guessing, sources of unauthorized password use (were you in China yesterday?  
Your password was.) and have watched for uses of passwords exposed by successful phishing.

At the moment, management is satisfied that the authentication system works and is relatively unconcerned about our 
inability to audit the uses of the system.  So, I'm looking for info about how other institutions audit the use of 
authentication credentials, and especially anecdotes about how that capability is valuable for preserving and insuring 
security and protection of information.


Bob Bayn     (435)797-2396     Security Team coordinator
Office of Information Techology at Utah State University

  By Date           By Thread  

Current thread:
  • Auditing the use of our Central Credentials Bob Bayn (Nov 06)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]