Educause Security Discussion mailing list archives
QuickLaunch + YubiKeys?
From: AIS <ais () REINHARDT EDU>
Date: Thu, 14 Mar 2019 13:32:08 +0000
We are looking at rolling out QuickLaunch + YubiKeys for an additional multi-factor method yet? http://www.quicklaunchsso.com/security-key-by-yubico.html Has anyone done this yet? If so, I would love to get your input on: 1. Are you deploying QuickLaunch for SSO/IDP + MFA? 2. Are you considering providing YubiKeys to staff? and students also? 3. If you are rolling these out to students, how are you (re)covering the cost for the keys? 4. Which key types are you using: * YubiKey 5 NFC * YubiKey 5 Nano * YubiKey 5C * YubiKey 5C Nano * Security Key by Yubico 5. Are you deploying QuickLaunch for HR/SIS to Active Directory automated user provisioning? From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Linc Nesheim Sent: Monday, March 11, 2019 11:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Secure Web Directory? Various changes have been made to our public directory over the years. Most of those were attempts to thwart the scraping of contact information -- throttling, limit number of results, requiring extra clicks, etc. Some were effective for short periods after implementation, but none for very long. We currently have a memo/proposal going through internal channels recommending we remove the universal public directory altogether. Any department or group that wants contact information available via unauthenticated methods is free to post it on their self-managed sites. Our full directory still being searchable behind our portal for internal, authenticated users. As a side note, I participated in a focus-group a couple of years ago where we learned the surprisingly-common behavior of how folks search for information -- go to Google.com and search for institution name + search term was used more often than going to a particular site and using the site's internal search mechanism. This suggests the intended audience for these public directories may not actually be the most active users. :-/ Linc - Linc Nesheim Information Security Officer Whitman College 509-527-5852 On Fri, Mar 8, 2019 at 5:21 PM Fisch, Neal <Neal.Fisch () csuci edu<mailto:Neal.Fisch () csuci edu>> wrote: Good afternoon all, In an attempt to cut down on the amount email phishing we receive we’re interested in see if any universities are protecting (or considering to protect) their outward facing web directories, or if they have any other solutions against directory scraping that have been useful. Thanks all and have a great weekend! Neal Neal Fisch Director, Enterprise Services and Security Information Security Officer California State University Channel Islands One University Drive / Camarillo CA 93012 Email: neal.fisch () csuci edu<mailto:neal.fisch () csuci edu> [Channel-Your-Potential-Email-Footer]
Current thread:
- QuickLaunch + YubiKeys? AIS (Mar 14)