User guide
Chapter 9: Configuring Other Intrusion Prevention Settings
You could also use this context to search generically for employees using
computers to access company-banned sites, such as pornography sites.
User_Login_Name context
Use the User_Login_Name context to detect user names exposed in plain text during
authentication requests. This context works for many protocols, so you can use it to track
attempts to use a particular account no matter what protocol the attacker uses.
● Monitors
The User_Login_Name context monitors for plain text user names in authentication
requests using the FTP, POP, IMAP, NNTP, HTTP, Windows, or R* protocols.
● Example
Use this context to track attempts to use compromised accounts, or when you suspect
that recently dismissed employees have attempted to access their old accounts online. If
you know the account named “FredJ” was compromised in an attack, configure a
signature using this context to search for attempts to access the account.
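The following added example (not taken from this guide and not the product's signature syntax) sketches the matching idea behind such a signature: pull the user name out of plain-text login requests for several of the protocols listed above and flag a watched account such as “FredJ”. The per-protocol patterns, the decoding of HTTP Basic credentials, the case-insensitive comparison, and the sample events are assumptions of this example; the Windows and R* protocols are not covered.

```python
import base64
import re

# Assumed per-protocol positions of the plain-text user name in a login request.
PATTERNS = {
    "FTP":  re.compile(r"^USER\s+(\S+)", re.I),
    "POP":  re.compile(r"^USER\s+(\S+)", re.I),
    "IMAP": re.compile(r'^\S+\s+LOGIN\s+"?([^"\s]+)"?\s', re.I),
    "NNTP": re.compile(r"^AUTHINFO\s+USER\s+(\S+)", re.I),
}
HTTP_BASIC = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)


def extract_login_name(protocol, line):
    """Return the user name carried in one request line, or None."""
    line = line.strip()
    if protocol == "HTTP":
        m = HTTP_BASIC.match(line)
        if not m:
            return None
        try:
            # Basic credentials are base64 of "user:password", not encrypted.
            decoded = base64.b64decode(m.group(1), validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            return None
        return decoded.split(":", 1)[0]
    pattern = PATTERNS.get(protocol)
    m = pattern.match(line) if pattern else None
    return m.group(1) if m else None


def find_watched_logins(events, watched):
    """Return (source, protocol, name) for each request naming a watched account."""
    watched = {w.lower() for w in watched}
    hits = []
    for src, protocol, line in events:
        name = extract_login_name(protocol, line)
        if name and name.lower() in watched:
            hits.append((src, protocol, name))
    return hits

# Constructed sample events (documentation addresses), not captured traffic.
SAMPLE = [
    ("192.0.2.10", "FTP", "USER FredJ"),
    ("192.0.2.11", "POP", "USER alice"),
    ("198.51.100.7", "IMAP", 'a001 LOGIN "fredj" "x"'),
    ("198.51.100.7", "HTTP", "Authorization: Basic RnJlZEo6eA=="),
    ("203.0.113.5", "NNTP", "AUTHINFO USER bob"),
]
```

Calling find_watched_logins(SAMPLE, ["FredJ"]) returns the FTP, IMAP, and HTTP attempts, which shows why one account-based rule can follow the same name across protocols.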
User_Probe_Name context
Use the User_Probe_Name context to identify attempts to access computers on your
network using default program passwords.
● Monitors
The User_Probe_Name context monitors any user name associated with FINGER,
SMTP, VRFY, and SMTP EXPN. An attacker can use these default accounts to access
your servers or other computers in the future.
● Example
Like the Password and SNMP_Community contexts, you can use the X-Force
database to build a list of default accounts and passwords relevant to the systems and
software on your network.
Reference: For more information about default passwords, look up SNMP in the
X-Force database at http://xforce.iss.net.