Educause Security Discussion mailing list archives

Re: [Possible SPAM] sync general user accounts to SIS accounts ?


From: Richard Gambrell <richard-gambrell () UTC EDU>
Date: Tue, 1 May 2007 17:53:19 -0400

In my view, reasonable security efforts trump convenience.

We are planning for, but haven't implemented fully, two layers of
"single" sign on authentication, one at the "portal" or "access" or
"outer" level that would use the more general campus id and password
(email, PC, etc.) and a second userid and password to access "highly
sensitive or confidential" information systems by privileged users.

We would attempt user ID and password synchronization within each layer
through the use of a Novell Identity manager product.  Access to the
inner layer would require authentication at the outer layer first. We
plan to primarily use RADIUS and LDAP for the outer layer and probably
an Oracle user and login at the inner.

We're also talking about using a one-time password system for system
administrators.

Richard

Michael Fox wrote:
We are looking at implementing a single point of authentication for most of our accounts. I would like to ask what 
others are doing in respect to accounts that access your SIS information. For example, faculty that access SIS to enter 
student grades. Are you using separate accounts for SIS or are the general accounts being used for this kind of access?

I would like to see a separate account but I am getting the convenience side argument (which I understand).

Any thoughts will be a help.

Thanks,
Mike

Mike Fox
Georgia Southern University
Information Technology Services
Office of Information Security
mfox () georgiasouthern edu
(912)871-1592

Jeremiah 29:11-16

NOTE: This email message is intended only for the named recipient(s) above
and may contain information that is privileged, confidential, and/or exempt
from disclosure under applicable law. If you have received this message in
error, or are not the named recipient(s), please immediately contact the
sender and delete this email message.




--
Richard L Gambrell, Director of Information Systems
Information Technology Division, University of Tennessee at Chattanooga
103 Admin Dept 4054, 615 McCallie Ave, Chattanooga, TN 37403-2598
CECS IT problems: please contact cecstech () utc edu
COBA IT problems: please contact Joshua-Cutler () utc edu
Otherwise report IT Problems: Help-Desk () utc edu or 423-425-4000
Phone troubles: troubles () utc edu or 423-425-4784
IT Business Office: 423-425-1755 Main UTC phone: 423-425-4111
My office phone: 423-425-5316 My (urgent) mobile: 423-432-5122
Email: richard-gambrell () utc edu
