Re: Two factor authentication for Banner access

[Boaz Gelbord <GelbordB () NEWSCHOOL EDU>]

Thanks to everyone who responded to this question.

I received the following results:

* Two institutions require token access to Banner (one of them only
requires it for certain access outside of restricted zones).
* Three institutions do not require token access to Banner but would do
so if the costs were lower.
* Two institutions do not require token access and feel their current
security measures are sufficient (Oracle database security, firewalls,
masking of sensitive information, etc).

Regards,
Boaz

Boaz Gelbord
Manager of Information Security
The New School
55 West 13th Street NYC 10011
www.newschool.edu


-----Original Message-----
From: Boaz Gelbord [mailto:GelbordB () NEWSCHOOL EDU]
Sent: Friday, January 26, 2007 8:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Two factor authentication for Banner access

Hi everyone,

How many of you are using two factor methods like RSA SecurID tokens
to
control access by administrative workers to Banner information?  I am
concerned by the large number of employees (both full time and
temporary
student staff) who have access to sensitive Banner data such as SSNs.
Using two factor authentication would allow us to better control their
access and would reduce the problems associated with password
compromise
and sharing.

I would also be interested in hearing about institutions that use two
factor authentication to control access to other key resources, or
that
have plans to do so in the future.

If you send me your responses off the list I can aggregate these and
send a summary to the group.

Thanks,

Boaz.

Boaz Gelbord
Manager of Information Security
The New School
55 West 13th Street NYC 10011
www.newschool.edu