Firewall Wizards mailing list archives
RE: Passwords
From: "Doty, Ted (ISSAtlanta)" <TDoty () iss net>
Date: Mon, 18 Oct 1999 08:36:19 -0400
On Wednesday, October 13, 1999 1:46 PM, Rick Smith <rick_smith () securecomputing com> wrote:
At 12:19 PM 10/13/99 -0500, Don Helms wrote:However, you can track the activity on a given account and see if thepatternschange. For example, the guy that logs in to one app everymoorning, does hiswork and goes home. If suddenly that user is running thisapp, that app andpoking round at random, his password might have beencompromised. Also keepan eye on time of day for new and unusual activity.Does anyone have experience with such a thing in an operational environment? My impression was that these systems were had very limited benefits.
The NIDES project concluded that detecting these events was sporadic at best, and was subject to fairly high levels of both false positive and false negative. Then again, this was 1993, so there has been a while for technology to move ahead (SAFEGUARD final report, 12/93, SRI International). What seems much easier is not to look for access with a compromised password, but rather access with a known user account and an unknown password (brute force attacks). These leave logs basically everywhere. - Ted ----------------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 678 443-6000 6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax: +1 678 443-6479 Atlanta, GA 30328 USA | Web: http://www.iss.net ----------------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE
Current thread:
- Passwords Rex Murphy (Oct 06)
- Re: Passwords Rick Smith (Oct 12)
- Re: Passwords Don Helms (Oct 16)
- Message not available
- Re: Passwords Rick Smith (Oct 16)
- Re: Passwords Rick Smith (Oct 12)
- <Possible follow-ups>
- RE: Passwords sean . kelly (Oct 12)
- RE: Passwords Siglite (Oct 16)
- RE: Passwords Peter J. Kunz (Oct 16)
- RE: Passwords LeGrow, Matt (Oct 18)
- RE: Passwords Doty, Ted (ISSAtlanta) (Oct 18)
- Re: Passwords Vin McLellan (Oct 18)