Home page logo
/

educause logo Educause Security Discussion mailing list archives

Securing the Single Sign-on Portal
From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Tue, 4 Jun 2013 10:35:56 -0400

Greetings,

Perhaps like many others, we are continuously adding applications that can be accessed through our single sign on 
portal.  Some of these applications are administrative and provide access to sensitive data.  We are taking a number of 
steps to reduce the risks associated with the portal but we are wondering what steps other entities are taking?

Do any of you have double or separate factor authentication for critical administrative applications provided within 
the portal?

Below are some of the things that we have/are effecting;

*         An "I have read this checkbox" containing security best practices upon first logon

*         Signs in security awareness campaign

*         Targeted announcements

*         Separate factor authentication for our main administrative application (although I am told the new version of 
Banner that we are going to no longer support separate user accounts)

*         Portal/Application timeouts
Thanks,

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]