From: "John Sforza" <jsforza@rochester.rr.com>
To: iwar@yahoogroups.com
Date: Tue, 12 Jun 2001 08:57:39 -0400
Subject: [iwar] Trust based on activity/time
Message-ID: <000001c0f33f$43ccfa50$6401a8c0@isrisk.net>

I am looking for a system based on the model below, or thoughts on the model. Everything that I have seen so far lacks automated real-time response, and I have limited headcount. Pardon my blunt language, but I am no wordsmith.

In most systems that I am familiar with, things go like this:

1. A user is authenticated (we don't care who at this point, but it is relevant - let's assume an individual finds id/password/token).
2. Authorization is granted for access to services and resources.
3. And away we go - an insider opportunity for discovery...

And that's about it. Sometimes, in a really security-aware organization (I like the casino model myself), a significant amount of real-time monitoring occurs, and a profile is built and passed to other monitoring entities and management as required.

My question is this: are there any software systems out there that do the same as above, or even better? If you diverge from your profile activities, your authorization window narrows but does not close, and an alert is sent to Security Operations. Even if you change your authentication, the suspect profile is still on record, and the process will rematch your activities (I guess I am assuming here that the target information is the same) and again follow the process, but this time escalating the event to Security Operations and potentially isolating the target from access within the suspect subnet, building, or floor if things get really dicey.

The above is based on personal usage characteristics and not necessarily the user's access authorizations. I see an alert being just as valid if this user, who has authorization for Y and has never accessed Y, is suddenly very active in Y - it's out of character for him to access Y at all.

I know that there are several enterprise systems that will log user activity but fail to take proactive steps in real time.

John Sforza
ISRisk
V: 716-230-3516
E: jsforza@isrisk.net

------------------
http://all.net/
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
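As an added illustration of the model described in the post (this is editor-supplied example code, not code from the poster or from any product the thread mentions), the sketch below builds a per-user usage profile from a baseline of access events, scores each new event for divergence from that profile, narrows the authorization window without ever closing it, and keys the suspect record on the source subnet and target rather than on the user, so that a change of credentials from the same source against the same target rematches the earlier strikes and escalates. The Event/Profile/Monitor names, the scoring weights and thresholds, the window levels, and the sample baseline and intrusion events are all assumptions constructed for the example.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass, field

# Authorization window levels. Narrowing stops at MINIMAL: the window shrinks but
# does not close, as in the post. Isolation of a (source, target) pair is separate.
FULL, RESTRICTED, MINIMAL = 3, 2, 1
ISOLATE_AFTER = 3   # strikes on one (source, target) pair before isolating it (assumed)


@dataclass
class Event:
    hour: int        # hour of day, 0-23
    user: str        # authenticated identity, possibly a stolen one
    src: str         # originating subnet; survives a change of credentials
    resource: str    # target the user is acting on


@dataclass
class Profile:
    resources: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)
    total: int = 0


class Monitor:
    def __init__(self, baseline, authorized):
        self.authorized = authorized              # user -> resources they may access
        self.profiles = defaultdict(Profile)      # user -> personal usage characteristics
        self.strikes = Counter()                  # (src, resource) -> divergent events seen
        self.isolated = set()                     # (src, resource) pairs cut off
        self.alerts = []                          # what Security Operations would receive
        for e in baseline:
            self._learn(e)

    def _learn(self, e):
        p = self.profiles[e.user]
        p.resources[e.resource] += 1
        p.hours[e.hour] += 1
        p.total += 1

    def divergence(self, e):
        """Score how far an event departs from the user's own profile (0 = in character)."""
        p = self.profiles[e.user]
        if p.total == 0:
            return 0                              # no baseline yet, nothing to compare
        score = 0
        if e.resource not in p.resources:
            score += 2                            # authorized for it, but never used it
        elif p.resources[e.resource] / p.total < 0.05:
            score += 1                            # rarely used
        if p.hours[e.hour] / p.total < 0.02:
            score += 1                            # unusual time of day
        return score

    def handle(self, e):
        """Return (decision, window level) and append any alert as a side effect."""
        if e.resource not in self.authorized.get(e.user, set()):
            return ("DENY", 0)                    # plain authorization failure
        key = (e.src, e.resource)
        if key in self.isolated:
            return ("DENY", 0)                    # suspect subnet already cut off from target
        if self.divergence(e) < 2:
            self._learn(e)                        # only in-character activity trains the profile
            return ("ALLOW", FULL)
        # Strikes are keyed on source and target, not on the user, so re-authenticating
        # with different credentials from the same subnet rematches the suspect record.
        self.strikes[key] += 1
        n = self.strikes[key]
        if n >= ISOLATE_AFTER:
            self.isolated.add(key)
            self.alerts.append(("ISOLATE", e.user, e.src, e.resource, n))
            return ("DENY", 0)
        self.alerts.append(("ALERT" if n == 1 else "ESCALATE", e.user, e.src, e.resource, n))
        return ("ALLOW", RESTRICTED if n == 1 else MINIMAL)


# Constructed baseline: alice works payroll during office hours, bob works the wiki.
BASELINE = [Event(h, "alice", "10.1.4.0/24", "payroll") for h in (9, 10, 11, 14) for _ in range(5)]
BASELINE += [Event(h, "bob", "10.1.4.0/24", "wiki") for h in (9, 10, 11, 12) for _ in range(5)]
AUTHORIZED = {"alice": {"payroll", "wiki", "hr_db"}, "bob": {"wiki", "hr_db"}}


def run_scenario():
    """Replay a constructed intrusion: stolen credentials used off-hours on an unused target."""
    m = Monitor(BASELINE, AUTHORIZED)
    events = [
        Event(10, "alice", "10.1.4.0/24", "payroll"),   # in character: full window
        Event(3, "alice", "10.9.9.0/24", "hr_db"),      # never touched hr_db, at 3 a.m.
        Event(3, "bob", "10.9.9.0/24", "hr_db"),        # new credentials, same source and target
        Event(3, "bob", "10.9.9.0/24", "hr_db"),        # third strike on the pair: isolate
        Event(10, "alice", "10.1.4.0/24", "payroll"),   # legitimate use elsewhere is unaffected
    ]
    return [m.handle(e) for e in events], m.alerts


if __name__ == "__main__":
    decisions, alerts = run_scenario()
    for d in decisions:
        print(d)
    for a in alerts:
        print(a)
```

Two design points worth noting: the profile is only updated from events judged in character, so an intruder cannot gradually train the baseline to accept the new behaviour; and because isolation is scoped to the (subnet, target) pair rather than to the user or the whole target, the legitimate account keeps working from its usual location while the suspect source is cut off.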
This archive was generated by hypermail 2.1.2 : 2001-06-30 21:44:17 PDT