Security Basics mailing list archives

RE: Self Service Password Resets


From: "JamesCHanlon" <JamesCHanlon () comcast net>
Date: Mon, 6 Apr 2009 10:59:02 -0400

Have you looked at the Imprivata One-Sign product?

After evaluating a large number of these solutions for many years (starting
when I was head of security for a Fortune 150 company), I had all but given
up hope that someone would actually produce a product that was practical and
would live up to what was needed in the real world.
 
Hands-down Imprivata is the best product we have seen in the market.

Not only does it provide the services you mentioned below, its interaction
with other products and services is excellent.  One thing that I like is
that it is scalable and practical for all sizes of organizations.  Also it
did not make any changes to the ID systems (such as Active Directory).

It is fairly easy to implement with a terrific graphic interface that learns
the login methods and jumpstarts the login profiling that can be reused for
similar access types.

Because it worked independently of the server platforms, it is able to
integrate various versions of Active Directory, Novell, Mid-Range,
mainframes, Citrix, any flavor of UNIX we could get our hands on with web
based, legacy, and green screen applications.

When they added the physical/logical component it allowed a link between the
physical access control systems and computer access making it possible to
create policies that reacted to whether the user was in a facility or
connecting remotely.  This was very helpful when you have to terminate
access across a large number of different systems.  The reports are also
great for compliance reporting.


The training and support are superb.  They treat you like your success is
personal to them.




Jim

JC Hanlon Consulting, Inc.
Phone:   US (586) 435-6231
Website: http://www.JCHCI.com

Helping Protect your Clients, your Business, the Homeland


________________________________

 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Campbell, Josh
Sent: Tuesday, March 31, 2009 10:46 AM
To: 'security-basics () securityfocus com'
Subject: Self Service Password Resets

Hello list,

I work for a public university and my manager has asked me to look into a
self service password reset solution.  We have many employees that do not
work on campus or even in the same state (adjunct professors).  Currently
when they forget their password we have them go through several hoops to get
their password reset, including faxing over some ID and having their
department head contact us.  This was originally designed to be a hassle in
hopes that we wouldn't get very many "repeat customers" for forgetting their
passwords.

Anywho, I was wondering what solutions other people out there are using for
this type of thing?  Ideally we would like something that a user could go to
from their web browser at home or any computer not on our network and they
would be forced to answer a series of challenge questions (I know this
brings up the point of them forgetting the challenge questions too but let's
not even go there).  We use MS Active Directory so that would also be a
requirement for the solution.

Thanks in advance!

-Josh C
