Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Securing the Single Sign-on Portal
From: Josh Flaherty <Josh.Flaherty () INDSTATE EDU>
Date: Mon, 10 Jun 2013 13:21:20 -0400

Hello All,

We are also very interested to hear what products others are using to deliver portal applications/services.  We are 
currently using Stone-ware.


-Josh Flaherty

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Josh 
Sent: Tuesday, June 04, 2013 10:36 AM
Subject: [SECURITY] Securing the Single Sign-on Portal


Perhaps like many others, we are continuously adding applications that can be accessed through our single sign on 
portal.  Some of these applications are administrative and provide access to sensitive data.  We are taking a number of 
steps to reduce the risks associated with the portal but we are wondering what steps other entities are taking?

Do any of you have double or separate factor authentication for critical administrative applications provided within 
the portal?

Below are some of the things that we have/are effecting;

*         An "I have read this checkbox" containing security best practices upon first logon

*         Signs in security awareness campaign

*         Targeted announcements

*         Separate factor authentication for our main administrative application (although I am told the new version of 
Banner that we are going to no longer support separate user accounts)

*         Portal/Application timeouts

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]