Educause Security Discussion mailing list archives
Re: stopping students sharing their login credentials
From: "Rappaport,Jason" <jbr32 () DREXEL EDU>
Date: Fri, 23 Jan 2009 09:57:11 -0500
Ray - in some of our labs we had an issue with students from other colleges using our labs that forced us to limit access to our MAC labs. We ended up implementing a custom script that not only would allow authorized students to log onto the computers, but also limited them to one logon per machine program; e.g. only one logon per the five Graphic Design labs. If anyone is interested in this script I would be willing to share it with them; send me a private message. Thanks, Jay __________________________________ Jay Rappaport jasonrap () drexel edu 215.895.1680 office 215.895.6447 fax Systems Administrator Microsoft Certified Professional Six Sigma Green Belt Certified Antoinette Westphal College of Media Arts and Design - Design & Imaging Studios Drexel University http://drexel.edu/westphal -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ray Strubinger Sent: Friday, January 23, 2009 9:35 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] stopping students sharing their login credentials Depending on your environment, there may be a technical control to compliment your educational efforts. If there's no legitimate reason to be logged in to more than one system simultaneously, see if your authentication system can limit the number of simultaneous logins. If your authentication system doesn't specifically allow you to prevent simultaneous access, then one solution I've seen is to have a script watch for login events from multiple locations for the same user. The script alerted a human who then cut access. -Ray Russell Fulton wrote:
Background: Earlier this week we had an incident where the building security officer noticed a group of unfamiliar people using machines in one of
our labs.
She asked them for their ID cards and none could (would?) produce one.
On questioning they said they were students from a neighbouring institution and that they were using "borrowed" credential. We have cctv footage and swipe card logs from the door (which may show
they tail gated someone in). We are now tracking down which machines
were being used so we can disable the accounts. To the point. We (the security techies) have been asked what measures we can deploy to prevent this sort of thing happening in future. We already do lots of education, posters, page on the back of the student handbook. Students have no excuse for not knowing that they should not share passwords. On the social/education side we could make an example of anyone we finger for this (assuming we can make charges stick) in the hope that this will persuade other students not to share their passwords. Technical solutions seem to revolve around some form of two factor authentication. I.e. something the student has but which they will be
reluctant to part with for any length of time. Like their ID card. Our ID cards have bar codes and classic mag stripe. Some labs (like this one) also have proximity card locks. Generally only post grad students or students in special coursed (like medicine) have proximity
cards. Anyway I would very much like to know what other are doing in this
space.
Cheers, Russell
-- Ray Strubinger Information Security Program Manager Georgia Institute of Technology OIT Information Security 258 Fourth St, Rich 222 Atlanta, Georgia 30332-0700 Phone:404-385-0334/Fax:404-385-2331
Current thread:
- stopping students sharing their login credentials Russell Fulton (Jan 22)
- <Possible follow-ups>
- Re: stopping students sharing their login credentials Mike Waller (Jan 22)
- Re: stopping students sharing their login credentials Jeff Kell (Jan 22)
- Re: stopping students sharing their login credentials Barry Lynam (Jan 22)
- Re: stopping students sharing their login credentials Rizzo, Jim (Jan 22)
- Re: stopping students sharing their login credentials Ray Strubinger (Jan 23)
- Re: stopping students sharing their login credentials Rappaport,Jason (Jan 23)
- Re: stopping students sharing their login credentials Mike Wiseman (Jan 23)
- Re: stopping students sharing their login credentials randy marchany (Jan 23)
- Re: stopping students sharing their login credentials James M. Dutcher - Assoc. VP IS/IT & CIO (Jan 23)
- Re: stopping students sharing their login credentials Christopher Jones (Jan 23)
- Re: stopping students sharing their login credentials randy marchany (Jan 23)
- Re: stopping students sharing their login credentials Mike Wiseman (Jan 23)
- Re: stopping students sharing their login credentials Charlie Reitsma (Jan 23)
- Re: stopping students sharing their login credentials Neil Sindicich (Jan 23)
- Re: stopping students sharing their login credentials Barros, Jacob (Jan 23)
- Re: stopping students sharing their login credentials Basgen, Brian (Jan 23)
(Thread continues...)