RSA® Authentication Manager 5.2/6.1 Log Monitoring Guidelines
The following document describes audit log messages that will allow your organization to monitor your
RSA® Authentication Manager 5.2 and 6.1 systems for unusual authentication activity. You should also
examine older or archived logs to establish a baseline frequency for these events before proceeding. In
addition, some routine actions, such as provisioning new tokens or changing PIN policy, will increase the
frequency of these events.
The number included in parentheses next to the relevant log messages is a unique identifier that can
be used to build custom queries.

1. Bad PIN, Good Tokencode Authentications
    Typical cause:
    An end user accidentally enters the wrong PIN during an authentication attempt.
    Why you should monitor this message:
    Unusually frequent occurrences of this message may indicate that an attacker is trying to guess the
    PINs for an end user’s RSA SecurID® tokens.
    Relevant log messages:
       Good Tokencode/Bad PIN Detected (1010)


2. Passcode Reuse Attempts
    Typical cause:
    An end user accidentally submits the same passcode in two separate authentication attempts.
    Why you should monitor this message:
    This message may indicate that an attacker is trying to reuse a tokencode in a replay attack.
    Relevant log messages:
       ACCESS DENIED, multiple auths (1141)
       PASSCODE REUSE ATTACK Detected (149)


3. Failed Authentication Attempts
    Typical cause:
    An end user accidentally enters the wrong passcode during an authentication attempt.
    Why you should monitor this message:
    Unusually frequent occurrences of this message may indicate that an attacker is trying to guess the
    passcode for your RSA SecurID tokens.
    Relevant log messages:
       ACCESS DENIED, PASSCODE Incorrect (1008)
       ACCESS DENIED, Token ToD Bad (1001)
       ACCESS DENIED, Next Tokencode Bad (1000)

RSA The Security Division of EMC                                                  March 18, 2011 (Version 1.0)


4. Next Tokencode Attempts
    Typical cause:
    The token's clock differs from the time the server expects (e.g., a software token running on a
    device with an inaccurate clock, or a hardware token whose clock has drifted).
    Why you should monitor this message:
    This message may indicate that an attacker is trying to submit out-of-date passcodes.
    Relevant log messages:
       Next Tokencode On (144)
       Next Tokencode Requested (1002)


5. Cleared PINs
    Typical cause:
    A user has forgotten their PIN and the PIN is cleared after the Help Desk Administrator verifies the
    end user’s identity.
    Why you should monitor this message:
    This message may indicate that an attacker is attempting a social engineering attack by convincing
    a Help Desk Administrator to remove the PIN.
    Relevant log messages:
       PIN cleared (117)


6. Token Disabled
    Typical cause:
    An end user has entered the wrong passcode several times in a row.
    Why you should monitor this message:
    A higher frequency of this message may indicate that an attacker is trying to guess the RSA SecurID
    token passcode.



    Relevant log messages:
       Token Disabled, Suspect Stolen (143)
       Token Disabled, Many Failures (145)
       ACCESS DENIED, Token Disabled (1004)


Note: If you use Cross Realm, consult the Troubleshooting section of the Admin Guide for the
corresponding Cross Realm messages.
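As an added example (not part of the RSA document), the following Python script applies the baseline-then-monitor approach described above: it maps the message IDs listed in sections 1 to 6 to their categories, derives a per-window rate from archived log lines, and flags windows in current logs that exceed that rate. The log line layout, user names, timestamps and thresholds are constructed for this example; real Authentication Manager exports use a different layout, so LINE_RE must be adapted to yours.

```python
"""Baseline-and-alert check over the RSA Authentication Manager 5.2/6.1 audit message IDs."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

CATEGORIES = {  # category -> message IDs from the guideline, with what a spike may signal
    "bad_pin_good_tokencode": {1010},    # PIN guessing
    "passcode_reuse": {1141, 149},       # tokencode replay
    "failed_auth": {1008, 1001, 1000},   # passcode guessing
    "next_tokencode": {144, 1002},       # out-of-date passcodes
    "pin_cleared": {117},                # help-desk social engineering
    "token_disabled": {143, 145, 1004},  # lockouts after repeated failures
}
ID_TO_CATEGORY = {mid: cat for cat, ids in CATEGORIES.items() for mid in ids}
LINE_RE = re.compile(r'^(\S+ \S+) user=(\S+) msg="[^"]*" id=(\d+)$')  # constructed layout
EPOCH = datetime(1970, 1, 1)
WINDOW = timedelta(hours=1)

def parse(lines):
    """Return (timestamp, user, category) for lines carrying a guideline message ID."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        cat = ID_TO_CATEGORY.get(int(m.group(3))) if m else None
        if cat:
            events.append((datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), cat))
    return events

def bucket(ts, window):
    return int((ts - EPOCH) / window)  # index of the fixed window containing ts

def baseline(archive_events, window):
    """Mean events per window per category over the archived span: the 'normal' rate."""
    if not archive_events:
        return {cat: 0.0 for cat in CATEGORIES}
    buckets = [bucket(ts, window) for ts, _, _ in archive_events]
    span = max(buckets) - min(buckets) + 1
    totals = Counter(cat for _, _, cat in archive_events)
    return {cat: totals[cat] / span for cat in CATEGORIES}

def alerts(current_events, base, window, factor=3.0, min_count=5):
    """Windows whose count reaches min_count and exceeds factor times the baseline."""
    seen = defaultdict(list)
    for ts, user, cat in current_events:
        seen[(cat, bucket(ts, window))].append(user)
    found = []
    for (cat, b), who in sorted(seen.items(), key=lambda kv: kv[0][1]):
        if len(who) >= min_count and len(who) > factor * base.get(cat, 0.0):
            found.append((cat, EPOCH + b * window, len(who), sorted(set(who))))
    return found

ARCHIVE_LINES = [  # constructed sample: a quiet archived morning used as the baseline
    '2011-03-10 08:05:00 user=asmith msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
    '2011-03-10 09:12:00 user=clee msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
    '2011-03-10 09:50:00 user=asmith msg="Next Tokencode Requested" id=1002',
]
CURRENT_LINES = [  # constructed sample: a burst of failures concentrated on one account
    '2011-03-18 09:02:00 user=jdoe msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
    '2011-03-18 09:03:00 user=jdoe msg="ACCESS DENIED, Next Tokencode Bad" id=1000',
    '2011-03-18 09:04:00 user=jdoe msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
    '2011-03-18 09:05:00 user=jdoe msg="ACCESS DENIED, Token ToD Bad" id=1001',
    '2011-03-18 09:06:00 user=jdoe msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
    '2011-03-18 09:07:00 user=mkhan msg="ACCESS DENIED, PASSCODE Incorrect" id=1008',
]
```

Calling alerts(parse(CURRENT_LINES), baseline(parse(ARCHIVE_LINES), WINDOW), WINDOW) returns the single 09:00 window for failed_auth with six events against a baseline of one per hour, naming both users involved.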



