Date: Thu, 28 Mar 2024 13:14:31 +0000 (UTC) Message-ID: <786425849.6443.1711631671318@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6442_1425289585.1711631671317" ------=_Part_6442_1425289585.1711631671317 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
CONVENER:
SCRIBE:
# of ATTENDEES:
MAIN ISSUES DISCUSSED:
ACTIVITIES GOING FORWARD / NE= XT STEPS:
SESSION NOTES
No easy way to monitor = for specific events to determine when a person=E2=80=99s group membership s= hould be changed from Silver to Bronze. Not easy to reduce LOA based = on NTLM events.
- Use an audit to force=
the issue when proposing that passwords need to expire.
- The downside to u=
sing auditors, is that they are box checkers. =E2=80=9CIf you don=E2=
=80=99t have a password that expires, then you fail."
Is there a way to creat= e a Failed Authentication Counter as a way of expiring passwords? Thi= s is a risk-based policy. There needs to be a policy for when to down= grade access. One way to determine the different types of events that= might be useful to understand when creating a policy is to use Splunk or G= ulp with custom reports.
There are simple attack= s on teachers if there is a password lockout policy based on failed attempt= s. The student only needs to know the profs usernames. Usernam= es are readily accessible on campus.
What are the best ways = to look at the traffic being generated to look for failures?
There should be a Wiki = page to document the different queries that can be used to identify failed = authN attempts.
It=E2=80=99s bad user e= xperience to make people change their password every 90 days. For Bro= nze, it is a better UX to have the password expire after N attempts.
Berkley - chat with Ben= for details of their implementation.