Educause Security Discussion
mailing list archives
Auditing the use of our Central Credentials
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 6 Nov 2008 09:34:59 -0700
We have a new central credential authentication system this year. It's home grown and has no log auditing
capabilities. We know from experience with the scattered systems that it replaced that auditing capability is useful.
We've identified sources of password guessing, sources of unauthorized password use (were you in China yesterday?
Your password was.) and have watched for uses of passwords exposed by successful phishing.
At the moment, management is satisfied that the authentication system works and is relatively unconcerned about our
inability to audit the uses of the system. So, I'm looking for info about how other institutions audit the use of
authentication credentials, and especially anecdotes about how that capability is valuable for preserving and insuring
security and protection of information.
Bob Bayn (435)797-2396 Security Team coordinator
Office of Information Techology at Utah State University
- Auditing the use of our Central Credentials Bob Bayn (Nov 06)