Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Uploaded by: duo-security
Category: Technology
Transcript of Securing Access to PeopleSoft ERP with Duo Security and GreyHeller
Grey Heller, Proprietary and Confidential
Presenters
‣ Larry Grey, President, GreyHeller
‣ Brian Kelly, Principal Product Marketing Manager
GreyHeller + Duo Security
Agenda
‣ GreyHeller & Duo Security Overview
‣ Today’s Security Challenges
‣ Solving with Two-Factor Authentication
‣ ERP Firewall and Duo Integration
‣ Implementation and Administration
GreyHeller
‣ Nearly 200 years of PeopleSoft engineering experience
‣ ~100 customers
‣ Oracle PeopleSoft Customer Advisory Board
‣ PeopleSoft beta test partner: PeopleTools 8.54
Key Commercial Customers
Key Education Customers
Better Security, Not Just More.
Brian Kelly Principal Product Marketing Manager Duo Security
Duo Security – Two-Factor Authentication Made Easy
‣ Easy to Manage
‣ Easy To Deploy
‣ Easy to Use
Thousands Of Customers Protected By Duo
duosecurity.com/success-stories
100% OF BREACHES involve stolen credentials
— Mandiant
Source: mandiant.com/threat-landscape and M-Trends annual reports
Credentials Are Easily Stolen
‣ Phished
‣ Guessed
‣ Keylogged
‣ Sniffed
‣ Cracked
‣ Reused
‣ Bypassed
Solution: Two-Factor Authentication
Today’s Security Challenges
‣ Phishing and targeted spear phishing
‣ Access anywhere anytime
‣ Complex support environments
‣ Security policy enforcement
‣ Non-technical users that receive little training
Two Factor Use Cases
‣ Protecting Self Service use
‣ Protection by location
‣ Super User / Admin protection
   ‣ Functional and technical privileged users
‣ Sharing credentials, policy violations
‣ Protects untrained users
Solving with Two Factor Authentication
‣ Where should the challenge occur?
   ‣ Log in
   ‣ Only when accessing Sensitive Transactions
   ‣ Unlocking Masked Data
‣ One Size does not fit All
   ‣ Self Service versus Admin Use
   ‣ Privileged versus General Users
   ‣ Trusted versus Untrusted Locations
   ‣ HR versus CS versus FS
DEMO
Integration
‣ ERP Firewall
   ‣ Provides the mechanism to enforce a Duo Challenge
   ‣ Allows mixing and matching of enforcement rules
‣ Duo Security
   ‣ Generates a second factor challenge to the user and evaluates the result
   ‣ Supports multiple channels for challenging users
ERP Firewall
‣ Delivers the ability to:
   ‣ Control access based on location, user, role, content, state, or any header and data attribute
   ‣ Flexible and configurable logging
   ‣ Implement 2nd factor challenges for content you wish to secure more strongly
   ‣ Display your own system messages to your users
   ‣ Restrict access when system is under maintenance
Access Control Made Easy
‣ Restrict access when Down for Admin
‣ Display System Message
‣ Allow access to Self Service Pages
‣ Challenge External access to vendor pages
‣ Block all other external internet access
‣ Log Access by at Risk employees
ERP Firewall Flow
[Diagram. Components: PeopleSoft Web Server, PeopleSoft Servlet, GreyHeller ERP Firewall Plug-in, PeopleSoft App Server, PeopleSoft Application Database. Labels: Request, Response, Load Configuration, Config Cache, Evaluate Data Rule, Activity Log, Log, Block, Allow, Redirect, PeopleSoft Application Permissions, Display Page, Business Logic.]
Powerful Logging
‣ Gathers a complete picture of access
   ‣ Userid / IP Address / Result / Browser / Date / Time
   ‣ Login Page / Portal Content / PeopleSoft Page / iScript
   ‣ EMPLID / Search Criteria / Actions taken
‣ Allows creation of targeted logs
   ‣ Failed login activity
   ‣ Activity for specific content
   ‣ Activity for types of users
   ‣ 2-factor activity
Easy To Use – Your Phone Is Your Key
‣ One-tap to authenticate
‣ Reduce 2FA interruptions
‣ Help users help themselves
‣ Support every phone (and token)
Easy To Manage – For Help Desk, IT, and Security Staff
‣ Flexible user enrollment
‣ Support end users quickly
‣ Customize security policy, by group
‣ Get real-time authentication information
‣ Fully extensible with Admin API
Configuration
‣ When the user is challenged
‣ What types of users should be challenged
‣ Portal rules
‣ Field masking
‣ Location rules
‣ Event logging
‣ Duo server rules
Configuration
‣ Provisioning users in Duo
   ‣ Self-Enrollment
   ‣ Active Directory Sync
   ‣ Bulk Import
   ‣ Manual
   ‣ API
Lifecycle Management
‣ PeopleSoft General Maintenance
   ‣ Application Upgrades and Bundles
   ‣ PeopleTools Upgrades and Patches
   ‣ Customizations
‣ ERP Firewall
   ‣ Rules Engine means existing configuration is resilient to upgrades
   ‣ Understands differences between PeopleSoft releases
‣ Duo
   ‣ ERP Firewall isolates Duo from PeopleSoft impact
Duo Implementation Methodology
Functional Steps
‣ 2 Factor Challenge
   ‣ Identify Pages
   ‣ Configure Firewall based on content
‣ Functional Testing
   ‣ Initial Testing using temporary 2 Factor infrastructure
‣ Logging
   ‣ Determine log conditions
   ‣ Determine log content
Infrastructure Steps
‣ PeopleSoft/Duo Environments
   ‣ Development / Test / Production
‣ Product Installation
‣ 2 Factor Infrastructure
   ‣ Configure DUO Server/ERP Firewall Integration
   ‣ Define Duo User Provisioning Rules
‣ Move to Production
Thank you
For more information on GreyHeller or to schedule a private demonstration, please email:
Kelly Jones, Vice-President, Marketing [email protected]