Join the supporters of the Stop Global Warming Virtual March
Main Menu
HomeBasicsFusionPS on LinuxSecurityDocumentsScriptsSearchFeedsWeb LinksSiteMapForumPodCastsGuest BookPeopleSoft Jobs
Translation
Translation may not be accurate.
** Thanks to Google Anyway***

To Change between languages
go to English and change again.
Login Form





Lost Password?
No account yet? Register
FeedBurner
Get Postings by Email
without Account.
Who's Online
Statistics
Postings: 65
PeopleSoft Blog Feeds: 15
PeopleSoft Job Feeds: 16
Oracle Feeds: 12

Registered Members: 203
Unique Visitors: 358121
Syndicate
Home arrow Security arrow PeopleSoft Security SOX/HIPAA (Part 2)
PeopleSoft Security SOX/HIPAA (Part 2) PDF Print E-mail
Written by RD   
Tuesday, 19 February 2008

I recently came across the link to the news about PeopleSoft and Security related.

http://www.pcworld.com/article/id,139233-c,hackers/article.html

This is the first time I have read in the news about the PeopleSoft being hacked. It was published in November last year, but I feel it is still worth mentioning.  According to the news, they used "Computer Hacking Techniques" to crack the passwords.

What we can do to mitigate the risk of your systems getting hacked:

  1. Tighten Password Controls (People Tools --> Security --> Password Configuration --> Password Controls) Never check the "Allow Password to Match UserID" option. There are some people who do not care about security breach, even if it is their own password. If someone complaints about it, then quote this University incident.
  2. Enable audit for Sensitive tables like PSOPRDEFN and generate reports on the AUDIT and Scan through the report daily. There is no point in putting all the auditing and not checking it daily.
  3. I make it a point to spend at least an hour or ensure some one goes through the reports daily to check any mishap.
  4. Also generate report to any changes and roles permission lists and ensure that the Security Incharge goes through the report.
  5. Generate the pdf format of all the reports and store them in a different server for future retrieval.
  6. Audit all the business sensitive tables and automate to generate the reports and email the responsible departments daily.
  7. Always use SSL secured only option (People Tools -->Web Profile --> Web Profile Configuration --> Security Tab). It is worth spending money on  Authentication Keys (verisign/Equifax) than regretting later, especially for the shops which have public access.

More to come..


Add as favourites (76) | Quote this article on your site | Views: 1617 | Print

Comments (2)
RSS comments
1. 03-16-2008 09:14
 
Good one. Look forward for more on this topic. 
 
Cheers
Guest
  
Pete
2. 03-25-2008 20:32
 
Sure. Will be posting periodicallym on SOX/HIPPA. I am working on sending email subscription from this site on any new postings. Register yourself and you will get the new posts though email for registered members.
Registered
  
RD

Write Comment
  • Thankyou for your comments.
  • Feel free to comment if there are any mistake in the postings also.
  • If you have a Blog or website, feel free to provide the link. We will take a peak.
  • Just ensure to *Refresh* your browser for a new security code to be displayed prior to clicking on the 'Send' button.
  • Keep in mind that the above process only applies if you simply entered the wrong security code.
Name:
Homepage
BBCode:Web AddressEmail AddressBold TextItalic TextUnderlined TextQuoteCodeOpen ListList ItemClose List
Comment:

Code:* Code
I wish to be contacted by email regarding additional comments

Copy Right: AKOComments v.1.4.6

Last Updated ( Wednesday, 20 February 2008 )
 
< Prev   Next >
[ Back ]

xkcd and whatever..?

© 2009 PSADMIN.org
PSAdmin.org is for & by the PeopleSoft Administrators to share their Experience.