Firewalls: Re: two security issues

Firewalls
(February 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: two security issues
From:	"Michael Nittmann, Principal Communications Analyst, The Trane Company (608 787 3792)" <NITTMANN @ UWLAX . EDU>
Date:	Wed, 9 Feb 94 10:43 CDT
To:	firewalls @ greatcircle . com

Hi,
reading Bryan de Boyle's message: it is very useful to implement a 
mechanism where users get regularly (every two weeks, every month) a 
summary of failed login attempts to their account(s).
When I see one like this I know when I mistyped my pws, and failed 
logins on days I did not log in will stick out.
How: awk and mail, con'd. If you run already SecurID, I think it 
comes with the system.

This does not show a ongoing attack, but it can alert that something 
is going on. Run this on the firewall host where everybody must log 
in, get a report of it too. These things can be deleted immediately 
since  they only cover the past so that you firewallers would not 
use up the firewall disk.


Mike



(all opinions are my own and not necessarily understood by my employer)

Follow-Ups:

Re: two security issues
From: Darren Reed <avalon @ coombs . anu . edu . au>

Indexed By Date	Previous:	Gopher server on a unix host From: "Craig A. Finseth" <fin @ unet . umn . edu>
Indexed By Date	Next:	Re: Gopher server on a unix host From: alastair @ cadence . com (Alastair Young)
Indexed By Thread	Previous:	Re: Two security issues From: Geoff Mulligan <Geoffrey . Mulligan @ Eng . Sun . COM>
Indexed By Thread	Next:	Re: two security issues From: Darren Reed <avalon @ coombs . anu . edu . au>