|
Departments can secure servers holding sensitive data by providing authentication and access options with multiple levels of assurance to match the level of security required by the data. Computing Services can help you determine what level of assurance is appropriate for each application.
Application authentication options include:
- PKI certificate with eToken (high assurance).
- Web applications, such as Banner Student and Blackboard.
- Oracle administrator access.
- PKI without eToken (lower assurance).
- DND (BlitzMail) username and password (lower assurance).
- Least common denominator for applications unable to authenticate with PKI; an alternative for low-risk systems or applications
- Kerberos (lower assurance).
- Being phased out; replaced by PKI certificates
Network access options include:
- VPN with eToken for private departmental VPN addresses.
- The user has a VPN client and authenticates with a PKI eToken.
- The user must be a member of an authorized group maintained by departmental staff (simple Web application).
- Highest assurance because of eToken requirement and group membership.
- Encrypts all user network traffic.
- VPN with username and password.
- The user has a VPN client and authenticates with a DND username and password.
- Relatively low level of assurance because of the username and password option.
- Invokes encryption of all user network transmissions.
- Unauthenticated network access will always be an option, but network authentication will be required to access some applications
Computing Services is investigating ways to provide quick, but secure, access for users who have forgotten or lost their eToken. The possibilities include:
- Have an extra eToken already in their possession.
- Acquire another eToken quickly.
- Acquire a temporary software certificate.
- Get delegated access from another authorized user.
|
