1. Technical Field
The present invention relates generally to an improved distributed data processing system and in particular to a method and apparatus for managing a distributed data processing system. Still more particularly, the present invention provides a method and apparatus for detection and notification of unauthorized attempts to login to a network.
2. Description of Related Art
In network computer systems, a plurality of client computers are typically connected together, and to one or more server computers in the network. A network may be established through the hardwired interconnection of a plurality of clients and servers in a local network, or on a World Wide Web, which may include telecommunication links. In any case, the clients and servers may act as central control units for providing access to files, programs, and program execution to the individual computers connected within the network.
The Internet, also referred to as an “internetwork”, is a set of computer networks, possibly dissimilar, joined together by means of gateways that handle data transfer and the conversion of messages from the sending network to the protocols used by the receiving network (with packets if necessary). When capitalized, the term “Internet” refers to the collection of networks and gateways that use the TCP/IP suite of protocols.
The Internet has become a cultural fixture as a source of both information and entertainment. Many businesses are creating Internet sites as an integral part of their marketing efforts, informing consumers of the products or services offered by the business or providing other information seeking to engender brand loyalty. Many federal, state, and local government agencies are also employing Internet sites for informational purposes, particularly agencies which must interact with virtually all segments of society such as the Internal Revenue Service and secretaries of state. Providing informational guides and/or searchable databases of online public records may reduce operating costs. Further, the Internet is becoming increasingly popular as a medium for commercial transactions.
Currently, the most commonly employed method of transferring data over the Internet is to employ the World Wide Web environment, also called simply “the Web”. Other Internet resources exist for transferring information, such as File Transfer Protocol (FTP) and Gopher, but have not achieved the popularity of the Web.
With the rise of the Internet and electronic commerce, one problem facing information system departments is how to detect a successful or attempted incursion or access to their computers. In the present dynamic system environment, a conscientious organization must be on guard against unauthorized access to their computer systems. Despite organizational commitments to security, administrators are often too busy to perform the checks needed to monitor and identify failed attempts to access a computer system. Most administrators spend large amounts of time responding to end user crises. Remaining amounts of time are dedicated to system maintenance. As a result, despite the public positions and money spent on security by an organization, at a practical level, administrators have little time to deal with such issues until an intruder has caused damage to the computer system.
Therefore, it would be advantageous to have an improved method and apparatus for monitoring for unauthorized access to a computer system and for notification of such unauthorized access.
The present invention provides a method and apparatus for identifying unauthorized attempts to access a data processing system. A file used to contain data on failed attempts to access the data processing system is monitored. Responsive to the file containing data on failed attempts to access the data processing system, the data is analyzed to identify candidates for unauthorized access attempts.
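A minimal sketch of the monitor-then-analyze flow summarized above, added here as an illustration and not taken from the patent. The record layout (`timestamp user source`), the three-failures-in-five-minutes rule, and all function and file names are assumptions.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of a failed-login file; the layout is an assumption.
SAMPLE = (
    "2024-01-01T10:00:00 root 203.0.113.7\n"
    "2024-01-01T10:00:20 admin 203.0.113.7\n"
    "2024-01-01T10:01:05 oracle 203.0.113.7\n"
    "2024-01-01T10:02:00 alice 198.51.100.4\n"
    "2024-01-01T11:30:00 alice 198.51.100.4\n"
)

def read_new_records(path, offset):
    """Monitor step: return (records, new_offset) for data appended since offset."""
    if os.path.getsize(path) < offset:   # file was truncated or rotated
        offset = 0
    with open(path, "rb") as f:
        f.seek(offset)
        chunk = f.read()
    end = chunk.rfind(b"\n") + 1         # skip a partially written last line
    records = []
    for line in chunk[:end].decode("utf-8", "replace").splitlines():
        parts = line.split()
        try:
            ts, user, source = datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except (IndexError, ValueError):
            continue                     # ignore malformed records
        records.append((ts, user, source))
    return records, offset + end

def find_candidates(records, threshold=3, window=timedelta(minutes=5)):
    """Analysis step: sources with >= threshold failures inside one window."""
    by_source = defaultdict(list)
    for ts, user, source in records:
        by_source[source].append((ts, user))
    candidates = {}
    for source, events in by_source.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                candidates[source] = sorted({u for _, u in events[start:end + 1]})
                break
    return candidates

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "failedlogin.txt")  # hypothetical file name
        with open(path, "w") as f:
            f.write(SAMPLE)
        records, offset = read_new_records(path, 0)
        again, offset2 = read_new_records(path, offset)  # no new data yet
        return find_candidates(records), again, offset == offset2
```

Keeping the byte offset between polls means analysis runs only when the file actually contains new failed-attempt data, and a shrinking file is treated as a rotation rather than silently skipped.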