Educause Security Discussion
mailing list archives
Re: Tracking use of your central credentials
From: Bob Bayn <bob.bayn () USU EDU>
Date: Thu, 20 Nov 2008 17:44:40 -0700
Thanks, Mike. I used to do that sort of thing with our old credential system that served our email system and things
like the proxy and vpn servers. But now all the logs are distributed and under the control of various sysadmins. I'm
looking for support for a way to get those logs pooled again with a query tool that the security team will have access
But, thanks for the example of someone who is able to do some of this.
Bob Bayn (435)797-2396 Security Team coordinator
"IT will NEVER ask for your password via email, honest!"
Office of Information Technology at Utah State University
From: The EDUCAUSE Security Constituent Group Listserv [SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mike Iglesias
[iglesias () UCI EDU]
Sent: Thursday, November 20, 2008 4:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Tracking use of your central credentials
Bob Bayn wrote:
We'd like to be able to tell which credentials are being used to log in from China so we can check with those users to
see if they ARE in China.
If you can parse your logs with perl, you can use the Geo::IP::PurePerl module
(available from CPAN) to get the two character country code for the IP used,
and then generate your reports based on that. For example, we use that module
to generate reports for users of our VPN service so they can tell if their
ID/password is being misused from outside the US. You do have to keep a
database up to date but it's only updated once a month at the source so it's
not that hard. Just download the new file and replace the old one with it.
Mike Iglesias Email: iglesias () uci edu
University of California, Irvine phone: 949-824-6926
Network & Academic Computing Services FAX: 949-824-2270
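
Added example, not part of the original thread and not UCI's own script: a Perl report of the kind Mike Iglesias describes, using Geo::IP::PurePerl to map each login's source IP to a country code and listing the users seen outside a home country. The database path, the home country value, the log line layout and the sample lines are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: per-user country report built from authentication log lines.
use strict;
use warnings;
use Geo::IP::PurePerl;

# Assumptions: database location (override with the first argument) and home country.
my $db_path = shift // '/usr/local/share/GeoIP/GeoIP.dat';
my $home_cc = 'US';
my $gi      = Geo::IP::PurePerl->open($db_path, GEOIP_STANDARD);

my %seen;          # user -> country code -> { count, ips }
my $skipped = 0;   # lines that did not match the expected layout

while (my $line = <DATA>) {
    # Assumed layout: "<timestamp> <service> login ok user=<id> ip=<ipv4>"
    my ($user, $ip) =
        $line =~ /\blogin ok user=(\S+) ip=(\d{1,3}(?:\.\d{1,3}){3})\b/
        or do { $skipped++; next };

    # The lookup returns undef for addresses the database does not cover
    # (private ranges, for example); record those as '??' so they stay visible.
    my $cc = $gi->country_code_by_addr($ip) // '??';

    $seen{ lc $user }{$cc}{count}++;
    $seen{ lc $user }{$cc}{ips}{$ip} = 1;
}

# Report only users with at least one login from outside the home country.
for my $user (sort keys %seen) {
    my @other = grep { $_ ne $home_cc } sort keys %{ $seen{$user} };
    next unless @other;
    print "$user\n";
    for my $cc (@other) {
        my $e = $seen{$user}{$cc};
        printf "  %-2s %4d login(s) from %s\n",
            $cc, $e->{count}, join(', ', sort keys %{ $e->{ips} });
    }
}
print "skipped $skipped line(s) that did not parse\n" if $skipped;

# Constructed sample lines. The addresses are documentation ranges, so a real
# database reports them as '??'; feed the script real log lines in practice.
__DATA__
2008-11-20T16:02:11 vpn login ok user=alice ip=192.0.2.10
2008-11-20T16:05:42 proxy login ok user=bob ip=198.51.100.7
2008-11-20T16:09:03 vpn login ok user=Alice ip=203.0.113.25
2008-11-20T16:11:57 vpn login failed user=carol ip=192.0.2.44
```

Filtering the report on a single country code such as `CN` instead of "anything but home" gives the list asked for in the original question.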