I regularly sweep our web SSO logs trying to pick out compromised accounts
based on unusual traffic patterns. A common one currently is
authentications from large numbers of IP addresses in China interleaved
with authentications from within the university. Currently the compromises
I find are always for access to electronic journals via our Shibboleth
service - I find perhaps a dozen or so most months. Our theory is that the
corresponding passwords are getting stolen via key loggers.

In a recent discussion with colleagues from Oxford, someone suggested that
this was perhaps a function that Raptor could undertake and I promised to
suggest it.

Is this something Raptor does? If not, might it?

Jon.
--
Jon Warbrick
Information Systems Development, Computing Service, University of Cambridge
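
An added example, not part of the original message and not Raptor code: one way to implement the sweep described above, flagging accounts whose authentications switch repeatedly between campus addresses and several distinct off-campus addresses. The log format, campus range, thresholds and sample lines are constructed assumptions; filtering by country would additionally need a GeoIP lookup, which is left out here.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumptions: placeholder campus range (documentation prefix) and thresholds.
CAMPUS_NETS = [ipaddress.ip_network("192.0.2.0/24")]
MIN_EXTERNAL_IPS = 3   # distinct off-campus source addresses
MIN_SWITCHES = 2       # campus <-> off-campus transitions in time order

# Constructed sample lines: "timestamp user source-ip service"
SAMPLE_LOG = """\
2024-03-01T09:00:00 abc123 192.0.2.10 ejournals
2024-03-01T09:05:00 abc123 198.51.100.7 ejournals
2024-03-01T09:06:00 abc123 198.51.100.19 ejournals
2024-03-01T09:20:00 abc123 192.0.2.10 ejournals
2024-03-01T09:21:00 abc123 203.0.113.44 ejournals
2024-03-01T09:40:00 abc123 192.0.2.11 ejournals
2024-03-01T10:00:00 xyz789 192.0.2.50 ejournals
2024-03-01T18:30:00 xyz789 203.0.113.9 ejournals
not a log line
"""

def on_campus(ip):
    return any(ip in net for net in CAMPUS_NETS)

def parse_events(log):
    """Group (timestamp, ip) pairs by user, skipping malformed lines."""
    events = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        try:
            ts, user, ip, _service = parts
            event = (datetime.fromisoformat(ts), ipaddress.ip_address(ip))
            events[user].append(event)
        except ValueError:
            continue
    return events

def suspicious_accounts(log):
    """Return {user: (distinct off-campus IPs, campus/off-campus switches)}."""
    flagged = {}
    for user, evs in parse_events(log).items():
        evs.sort(key=lambda e: e[0])
        sides = [on_campus(ip) for _, ip in evs]
        external = {ip for (_, ip), inside in zip(evs, sides) if not inside}
        switches = sum(a != b for a, b in zip(sides, sides[1:]))
        if len(external) >= MIN_EXTERNAL_IPS and switches >= MIN_SWITCHES:
            flagged[user] = (len(external), switches)
    return flagged
```

A single off-campus session after leaving the office (as with `xyz789`) stays below both thresholds, so only the interleaved pattern is reported.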