At 12:19 PM 10/13/99 -0500, Don Helms wrote:

>However, you can track the activity on a given account and see if the patterns
>change. For example, the guy that logs in to one app every morning, does his
>work and goes home. If suddenly that user is running this app, that app and
>poking round at random, his password might have been compromised. Also keep
>an eye on time of day for new and unusual activity.

Does anyone have experience with such a thing in an operational environment? My impression was that these systems had very limited benefits. At most they might help with network and server performance tuning, not security. In the real world it seemed that they'd either be useless at detecting intrusions or they'd be constantly nagged with false alarms (i.e. changes from one project to another).

The fact that an intrusion took place doesn't prove the password was compromised, though it's probably the way to bet with most systems these days.

Rick.
smithat_private
"Internet Cryptography" at http://www.visi.com/crypto/
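An added example, not part of the original message or written by either poster: a minimal per-account baseline check of the kind discussed in this exchange, comparing one day's applications and login hours against each account's history. All events, account names, application names and thresholds are constructed assumptions; on this data the off-hours account and the user who merely changed projects are both flagged.

```python
from collections import defaultdict

# Constructed sample events: (user, day, hour_of_login, application)
BASELINE = [("alice", d, 8, "payroll") for d in range(1, 11)] + \
           [("bob", d, 9, "cad") for d in range(1, 11)] + \
           [("carol", d, 10, "mail") for d in range(1, 11)]
TODAY = [
    ("alice", 11, 2, "payroll"), ("alice", 11, 2, "hr_db"),
    ("alice", 11, 3, "src_repo"),                       # off-hours, several new apps
    ("bob", 11, 9, "sim"), ("bob", 11, 10, "planner"),  # new project, usual hours
    ("carol", 11, 10, "mail"),                          # unchanged routine
]

def observe(events):
    """Collect the set of applications and login hours seen per account."""
    seen = defaultdict(lambda: {"apps": set(), "hours": set()})
    for user, _day, hour, app in events:
        seen[user]["apps"].add(app)
        seen[user]["hours"].add(hour)
    return seen

def build_profiles(events):
    """Per-account baseline built from historical events."""
    return observe(events)

def score_day(profiles, events, hour_slack=1, new_app_limit=2):
    """Return {user: [reasons]} for accounts whose day departs from baseline."""
    alerts = {}
    for user, today in observe(events).items():
        base = profiles.get(user)  # .get() does not create a default entry
        if base is None:
            alerts[user] = ["no baseline for account"]
            continue
        reasons = []
        new_apps = sorted(today["apps"] - base["apps"])
        if len(new_apps) >= new_app_limit:
            reasons.append("new apps: " + ", ".join(new_apps))
        # An hour is unusual if it is more than hour_slack from every baseline
        # hour, measured around the 24-hour clock.
        odd = sorted(h for h in today["hours"]
                     if all(min(abs(h - b), 24 - abs(h - b)) > hour_slack
                            for b in base["hours"]))
        if odd:
            reasons.append("unusual hours: " + ", ".join(map(str, odd)))
        if reasons:
            alerts[user] = reasons
    return alerts

if __name__ == "__main__":
    for user, why in score_day(build_profiles(BASELINE), TODAY).items():
        print(user, "->", "; ".join(why))
```
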
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:43:00 PDT