1 password reset effortless, self service user password reset
TRANSCRIPT
1
Password Reset
Effortless, Self service User Password Reset
2
• Internationally renowned IBM i solutions provider since 1983
• Product lines:• iSecurity Infrastructure Security• iSecurity Application Security• System tools: file editor, performance tuning
• Products installed in over 40 countries, more than 12,000 licenses• Worldwide distribution network• IBM Advanced Business Partner: QRadar and Tivoli• Partnerships and product integration with major global security (SIEM
& DAM) providers such as Imperva and McAfee and also: • HP (ArcSight & Openview)• CA UniCenter• RSA enVision• GFI, Juniper, Splunk, NNT and others
About Raz-Lee Security
3
iSecurity Products Overview
EvaluationEvaluation
Compliance Evaluator
for SOX, PCI, HIPAA…
Visualizer- BI for
security
Syslog, SNMP for SIEM
AuditingAuditing • Audit QAUDJRN, Status…• Real-time Actions, CL scripts• Capture screen activity • User & Sysval Replication• Compliance: Users, Native, IFS• PW Reset & User Provisioning• Change/PTF Tracker
ProtectionProtection • Firewall FTP, ODBC,… access• Obtain Authority on Demand• Monitor CL Commands • Native Object Security• Anti-Virus protection• Central Admin of LPARs
DatabasesDatabases • DB-Gate: SQL to non-DB2 DBs (Oracle, MS SQL,…)
• AP-Journal for DB audit, filter, archive, real-time alerts
• View/hide sensitive data • FileScope secured file editor
SecurityAssessment
FREE!
PCI, HIPAA, SOX…
Security Breach
Management Decision
4
Password Reset- Features Summary
• Web & Green Screen interface
• User identify verification based upon Class (Manager, Agent, Help Desk)
• Supports assistance from Help Desk without compromising security
• Supports importing corporate HR files to pre-populate user identity info
• Supports multi-lingual and user-defined questions
• Full audit trail and reporting
• Integrates with other iSecurity products: User Management, Replication, Provisioning, Central Administration, Report Generator & Scheduler
5
Password Reset- A Self-Service, Reliable Solution
• Simple to use and administrate:• Web and Green screen user interface• Green screen administration
• Adjustable per the class (i.e. sensitivity) of the user. Ensures that the user is who they say they are, prior to disclosing the personally entered questions.
• Allow Help Desk to easily assist users without compromising security or efficiency of procedures
• Enable the enterprise to “introduce” the product to the organization with minimum overhead:
• Uses existing HR data files• Auto request for entering personal questions
• Full Report Generator
6
Guidelines
• Users are classified by “Classes” (manager, programmer, agent); each class can have different verification rules
• 3-Step Process:• Initial Identification: Use HR info to verify the user is who they say they are
(periodic changes to the process are recommended)• Verify the user has access to their e-mail• User defines personal questions
• Type and number of Verification rules is controlled per Class:• By Email, By Text Message to their cell phone• Number of verification types can be Either, Both or None
• Questions & Answers are personal and displayed only after verification. Standard questions are provided.
7
Password Issuing and User Enabling
• Passwords can be:• Displayed on the screen• Sent by e-mail
• Password Issuing/User Enabling:• If user wishes - Just enable the user (retains the same password) • New password is generated • Password has to be entered within a specified period of time• Once entered, it must be replaced
• Auditing Usage;• Email to administrator• Message to MSGQ• Product log. Processed by iSecurity Report Generator & Scheduler,
results as e-mail with HTML, CSV, PDF attachments, screen, print, output file, etc.
Password Reset Workflow:User Registers Once with Personal Question
Self Authentication
Help Desk
Sign on withFORGOT PASSWORD
Answer Personal Questions
Receive email with Validation Code
Enter Validation Code
Enter Temporary Password and assignment of new password
Receive email with Temporary Password
Sign on with new password
Forgot Password?
9
Additional Product Features
• Reason for password reset process rejection is hidden from the user. Instead, user is referred to the Help Desk with a Reason ID
• The user profile and the password are never sent in the same Email
• Support for pre-loading user file with corporate HR data. Product can restrict the personal Email to the corporate domain
• First time entering of personal questions can be requested automatically at signon
• Questions appear if there are no questions at present• Questions appear only during certified Help Desk hours• Product controls the number of users who can signon during a set period to
avoid possible Help Desk overload
• Multi-lingual - support for up to 10 languages simultaneously
10
Password Reset: Integration within iSecurity Suite
• User Replication
• User Provisioning
• Help Desk Support
• Central Administration
• Road map:• Multi System support
11
Password Reset Main Menu
12
Password Reset Main Menu
13
Using Password: Personal Details Screen
14
Password Reset Class Definition
15
Identifying the User
16
Successful Identification Verification Code Sent
17
Verification Code from E-Mail
18
Personal Questions & Answers
19
Reset Password with Temporary Password
20
Temporary Password Sent
21
Temporary Password Received
22
Must Define New Password
23
Change Password
24
Password Reset Web Interface
25
Web Interface: Enter Verification Code from e-mail