Security Question & Suggestion: Record of Last Access & Recent Accesses
Security Question & Suggestion: Record of Last Access & Recent Accesses
am 07.11.2007 20:05:53 von Berkeley Brett
As my post will make clear, I am hardly an expert when it comes to
computer security.
But perhaps someone can tell me if 1) what I propose here is actually
available already, or 2) if there is a good reason that what I propose
should not come into being.
Here's my suggestion:
For all sorts of computer accounts -- from your personal computer
itself to any online accounts you have (bank accounts, Amazon.com-type
accounts, remote work access accounts, etc.), I think one should have
quick access to a record of ALL recent logons to ones account.
So, for example, if one logs on to ones online bank account, one could
check and see the most recent time (prior to the present logon) that
ones account was accessed, and (if one wished) could see a list of all
recent logons to ones account.
Of course, one would hope to find no surprises here -- one would hope
to find that only oneself had logged on to ones accounts. But if
someone has hacked in to ones account and has decided to prowl around
its inner structure before doing any obvious mischief, at least
there's a chance that one would discover this by looking at the access
record.
And yet, I know of no accounts, online or otherwise, that offer such
access records.
Any feedback you might have on this would be most welcome.
Thanks in advance!
--
Brett
http://www.100bestwebsites.org/
"The 100 finest sites on the Web, all in one place!"
Widely-watched non-profit ranking of top Internet sites
Re: Security Question & Suggestion: Record of Last Access & Recent Accesses
am 07.11.2007 23:25:15 von hans
On 7 Nov 2007 11:05:53 -0800, Berkeley Brett wrote:
>
> For all sorts of computer accounts -- from your personal computer
> itself to any online accounts you have (bank accounts, Amazon.com-type
> accounts, remote work access accounts, etc.), I think one should have
> quick access to a record of ALL recent logons to ones account.
.....
> Any feedback you might have on this would be most welcome.
It is not a weird idea, some cms's offer this partly. The bigger question
would be if you would be able to setup a list of 'safe' addresses that would
allow people to login (your local bank/atm machine, etc....)
>
> Thanks in advance!
Hans
--
IM: hans.wolters@gabbler.org
http://lonki.xs4all.nl
Re: Security Question & Suggestion: Record of Last Access & Recent Accesses
am 11.11.2007 15:46:42 von flaps
Berkeley Brett writes:
>For all sorts of computer accounts -- from your personal computer
>itself to any online accounts you have (bank accounts, Amazon.com-type
>accounts, remote work access accounts, etc.), I think one should have
>quick access to a record of ALL recent logons to ones account.
This is usual for what we used to call "timesharing accounts", which
you young ones these days seem to call "shell accounts". Upon login, it
tells you the date/time and hostname of the previous login; and there is
usually a command to retrieve a list of all recent logins as you suggest
(in unix/linux, type "last user" (for a given username "user")).
Bank accounts, amazon.com, etc, are reinventing everything rather than
following in time-honoured footsteps; but some of them have some of these
attributes. My bank's web banking facility tells you the date/time of last
login when you log in.
For VPNs it might be a little trickier because your computer might
automatically connect and disconnect frequently, thus producing voluminous
logs which are difficult to look through effectively at a glance.
There's also the additional wrinkle that when you log in to a VPN, you
aren't actually interacting (personally, as opposed to automatedly) with
anything on the VPN gateway; you'd have to do some extra step to query the
log data (such as running a web browser and pointing it somewhere specific).
A facility where it could tell you your last login in the VPN protocol,
where you could configure your computer to report this information in a
pop-up dialogue you had to press 'ok' on, would be nice. I assume that
that would require a protocol change, but it could probably be made in a
both-ways-compatible manner. Of course it should be a configuration option on
the client side.