Main Nav

We've turned on Suspicious Login Alerts for our domain and we're trying to figure out how the algorithm determines a suspicious login.  We've received quite a number of them but these could be people who are traveling.

Does it factor in two logins from locations that couldn't possibly be accessed by one person in that time frame?  Or if it's a location the individual has never been before?

A little insight would help us decide what action to take.

Thanks.

 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

Tel: 845-437-7743
jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.

Comments

It's more like a location from where the person has not logged on before.  In my experience, 90% of the reported log-ins are by the owner of the account, but I have received reports of a log-in in Russia or Nigeria when our person was here.


Thanks Ric,
That's helpful.
Do you follow up on each report?


 
Jean Tagliamonte
Documentation & Communications Coordinator,
Computing & Information Services, Vassar College

Tel: 845-437-7743
jetagliamonte@vassar.edu | http://computing.vassar.edu
Ways To Connect:
CIS System Status: All Systems are Operational