UofA Remote Access Policy for High Risk Access to PeopleSoft

UofA Remote Access Proposal for High Risk Access to PeopleSoft, April 2006
The purpose of this proposal is to describe the steps necessary to ensure that users
accessing PeopleSoft and related systems remotely have an appropriate level of network,
user and desktop security. Due to the sensitivity of some access levels to PeopleSoft and
the increasing ease of remote access, the need for determining policy and procedure for
accessing PeopleSoft from non University secure locations is paramount.
What we are trying to protect is data from financial, personnel and student systems.
While much of this data is publicly available, unauthorized access, change or disclosure
of portions of this data could cause significant reputational and financial losses to the
University. There are several groups that access University data. Each of these groups has
a different level of access that they require to the PeopleSoft applications and therefore, a
different set of rules. The groups that have access to view and/or update the highly sensitive
data are typically the central departments that support these systems. They include: Human
Resources, Financial Services, Supply Management Services, Registrar, Faculty of Graduate
Studies, AIS and Research Services.
All of these users connect to PeopleSoft from local, highly secured desktops. Each
network has firewalls that are controlled by local technical support, and the machines have
controlled software installed, security patches applied, and virus protection and anti-spyware
software. Basically, the University can trust that a connection from one of these machines
to PeopleSoft is not likely to be compromised. The desktop is secure.
Many of these users have requirements to work from home or to connect while away
from the University on business. Although we could restrict these high-level users to
secure LANs only, this would inconvenience them. We have spent significant effort
ensuring that our systems are fully web-enabled, and it would be wise to ensure that
remote access to these systems is allowed but happens with appropriate security. These
users may require access to self-service transactions or low risk transactions from
non-secured LANs. Simply because they also have high risk transactions, they should not
be denied access to their low risk transactions.
We are trying to deal with two related issues. High risk users should be able to use their
regular roles from insecure locations and they should be able to use their high risk roles
from remote locations by connecting with a secure laptop.
For regular access from insecure locations, check roles as users connect to PeopleSoft
and check where they are connecting from. If they are connecting from a non-secure
network address, then simply disable their high risk roles. So, if a user can see their
paycheck and can also submit payroll jobs, and they connect from a home computer,
allow them to look up their paycheck and do not allow them to submit payroll. If their ID
and password are collected by a hacker, the hacker could never run payroll, as the
hacker would never be connecting from a secure LAN or a secure laptop. Only when that
user connects from a secure LAN or a secure laptop would the ability to submit payroll or
update grades be re-enabled.
Home computers are perhaps the most vulnerable of any computer. They tend to get
infected with viruses and spyware and they lack the rigour of the IT resources that the
University employs. We all know what our teenagers install on our home computers and
those are not the computers that should be used to access or process data that is critical to
the University.
As an aside, one of the barriers to implementing single sign-on for BearTracks EPI users
has been the risk of adding self-service transactions, such as viewing a paycheck, to a user
with high risk roles. The addition of view paycheck would increase the likelihood of
these users connecting from a home computer. If we simply disable the high risk roles,
these users could connect from a home computer without putting the University at risk,
and we could use the same ID for both BearTracks/EPI and regular University PeopleSoft
access.
To enable high risk users to connect remotely and have access to high risk roles securely,
we need to ensure that these users are connecting from machines that will not be easily
compromised. We recommend that we adopt rigorous standards for secure laptops. Any
remote accesses to high risk roles away from secure LANs must meet the following
standards:
1) Using a departmentally controlled laptop configured for access to PeopleSoft.
This laptop is not to be used for any purpose other than University business,
including PeopleSoft. The laptop can be the user's primary workstation in the
office. This laptop is for exclusive University business use at home; it cannot be
used by spouses, children, etc.
2) Be configured to be remotely managed by the departmental IT staff over a secure
VPN configuration.
3) Primary user CANNOT have Administrative privileges to the machine.
4) Use an enterprise level AntiVirus (AV), anti-spyware, and firewall configuration.
Such software must automatically update and cannot require user intervention for
updates, etc. Antivirus must report back to the departmental central AV server
that is monitored by the departmental IT staff.
5) Use a non user interactive method for installing all appropriate security patches
within a reasonable time frame. These updates cannot be canceled by the end
user. This will require a fast network connection.
6) Cannot automatically log in when booted; it must prompt for a user ID and
password. All failed attempts must be monitored (i.e., login validated against a
monitored Domain Controller; cached Windows credentials are acceptable).
7) Connection to PeopleSoft must be through VPN and departmentally managed
Citrix/Terminal Services. The VPN must be managed by the University.
8) Computer must have separate BIOS, boot and configuration passwords. Must
prompt for boot password on power on. There will be multiple passwords for each
user and they must keep those passwords separate from the laptop.
9) No confidential files are to be stored on the local laptop hard drive; they should be
kept on the Terminal Server unless the laptop is also the primary workstation.
10) Modifications to PeopleSoft connections will be done so that any access from a
non-secure network location will result in high risk roles being disabled; once a
connection from a secure LAN or secure laptop is initiated these roles will be re-enabled.
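The sign-on check described above and restated in item 10, written out as an added example (not the proposal's own code or the IBM change order): high risk roles are stripped unless the source address belongs to a secure LAN or to the address pool the University-managed VPN assigns to secure laptops, and an unparseable address fails closed. The network ranges, role names and sessions are constructed placeholders.

```python
import ipaddress
from typing import Iterable

# Assumed trusted sources: a departmental secure LAN and the address pool the
# University-managed VPN assigns to secure laptops (constructed ranges).
SECURE_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.10.0.0/16",   # constructed: central department secure LAN
    "10.20.5.0/24",   # constructed: secure laptop VPN pool
)]

# Roles the proposal treats as high risk (run payroll, update grades); anything
# else, such as viewing a paycheck, is a low risk self-service role.
HIGH_RISK_ROLES = {"PAYROLL_SUBMIT", "GRADE_UPDATE"}


def is_secure_source(addr: str) -> bool:
    """True only when addr parses and lies inside a secure network.
    An unparseable address is treated as untrusted (fail closed)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in SECURE_NETWORKS)


def effective_roles(assigned: Iterable[str], source_addr: str) -> set[str]:
    """Roles the session actually gets: high risk roles are stripped unless the
    source is secure; low risk roles are always kept (paycheck still viewable)."""
    assigned = set(assigned)
    if is_secure_source(source_addr):
        return assigned
    return assigned - HIGH_RISK_ROLES


def logon_record(user: str, assigned: Iterable[str], source_addr: str) -> dict:
    """Audit entry, so high risk connections from non-secure LANs can be counted."""
    assigned = set(assigned)
    granted = effective_roles(assigned, source_addr)
    return {
        "user": user,
        "source": source_addr,
        "secure_source": is_secure_source(source_addr),
        "granted": sorted(granted),
        "disabled": sorted(assigned - granted),
    }


if __name__ == "__main__":
    # Constructed sessions: the same payroll clerk from the office and from home.
    clerk = ["VIEW_PAYCHECK", "PAYROLL_SUBMIT"]
    print(logon_record("clerk1", clerk, "10.10.3.7"))   # office: both roles kept
    print(logon_record("clerk1", clerk, "192.0.2.44"))  # home: payroll disabled
```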
In order for this recommendation to be implemented, we are estimating that there will be
work completed by IBM, laptops purchased, software purchased and departmental IT
staff time required to support these machines. Resources will be needed, both within each
department and possibly AICT, to configure, test and install the VPN software on each
LAN. The IT Support for each department will retain responsibility for selecting laptops
and VPN and for installing software that conforms to their local standards. This implies
that not all laptops will be identical or supported by one IT area. Estimates on the costs
are as follows:
Description                       | Notes                                                                                    | Units     | Unit Cost | Total
Implement PeopleSoft Secure Logon | Implement network security checking for PeopleSoft logins. Needs IBM Change Order.       |           |           | $25,000
Laptop Computers                  | All incremental                                                                          | 30        | $3,000    | $90,000
Laptop Software                   | Software per machine.                                                                    | 30        | $400      | $12,000
VPN Installs                      | Estimate of time. Some departments may require AICT involvement.                         | 20 hours  | $65       | $1,300
VPN Software                      | Software costs                                                                           | 6         | $500      | $3,000
Ongoing Support                   | Assume all areas can do support. Estimate some troubleshooting and assistance each year. | 100 hours | $65       | $6,500
Total One Time Costs (First Year) |                                                                                          |           |           | $137,800
Evergreening                      | Assume replacement every 3 years                                                         |           |           | $30,000
Ongoing Support                   | Assume all areas can do support. Estimate some troubleshooting and assistance each year. | 100 hours | $65       | $6,500
Ongoing Costs                     |                                                                                          |           |           | $36,500
There are two parts to this proposal. The first is to implement sign on security that will
disable the use of high risk roles from insecure network locations. The second is to
implement secure laptops.
If we only proceed with disabling of high risk roles, then we lose the productivity gains
that we would see by giving those users a secure laptop and secure remote access to high
risk roles. We are currently monitoring connections and will be able to produce statistics
on how many high risk connections are being established from non-secure LANs. We
strongly recommend that we implement a secure laptop strategy so all high level users
can access PeopleSoft remotely and securely.
Colin Harford
Network Administrator Human Resources
Shelagh Hohm
Director AIS