Re: Securing the Single Sign-on Portal

[Josh Flaherty <Josh.Flaherty () INDSTATE EDU>]

Hello All,

We are also very interested to hear what products others are using to deliver portal applications/services.  We are 
currently using Stone-ware.

Thanks.

-Josh Flaherty

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Josh 
Flaherty
Sent: Tuesday, June 04, 2013 10:36 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Securing the Single Sign-on Portal

Greetings,

Perhaps like many others, we are continuously adding applications that can be accessed through our single sign on 
portal.  Some of these applications are administrative and provide access to sensitive data.  We are taking a number of 
steps to reduce the risks associated with the portal but we are wondering what steps other entities are taking?

Do any of you have double or separate factor authentication for critical administrative applications provided within 
the portal?

Below are some of the things that we have/are effecting;

*         An "I have read this checkbox" containing security best practices upon first logon

*         Signs in security awareness campaign

*         Targeted announcements

*         Separate factor authentication for our main administrative application (although I am told the new version of 
Banner that we are going to no longer support separate user accounts)

*         Portal/Application timeouts
Thanks,

Josh Flaherty
Information Technology Security Officer
Office of Information Technology
Indiana State University