× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Mike -

Actually, the entire process is not terribly difficult to create yourself 
using Apache, RPG, and a few HTMLs or you could create a RESET user that 
could only be used to reset passwords or re-enable user profiles.  You'd 
have to 'publish' the password so users could get in and they would be 
disabling that user profile continually (after all, if they can't remember 
their own password, how are they going to remember that one?) but there are 
things you can do to alleviate that.

Should you attempt this, I suggest that you allow your users to re-enable a 
disabled user ID but, in the process, change their password (generate it 
yourself) and e-mail it to the user's corporate e-mail address.  You could 
use the same process for forgotten passwords.  This would ensure that your 
operators are not changing user profiles and that passwords are transmitted 
only on your corporate network and, if a bad person is trying to get a 
password, they would also have to have access to the e-mail of one of your 
employees.  Of course, this supposes that all of your employees have e-mail 
and that you provide the e-mail infrastructure in-house.

Also, consider formulating your questions such that you can compare the 
answers provided against your corporate files rather than allowing the 
employee to provide  the answer to the question in advance.  In other words, 
ask for Social Security number and compare against your HR file rather than 
asking the employee to provide you with the name of his/her favorite pet 
today so your can ask that question tomorrow to verify their ID.

I have a RPGLE program that will generate a random password and a "reset 
user profile and/or password" CL program that I will contribute if you 
decide that you want to go down the do-it-yourself road.

HTH,

Steve

<Mike.Crump@xxxxxxxxxxxxxxxx> wrote in message 
news:OF14FB0CDD.CBD90FA3-ON05257015.004A9A87-05257015.004C005B@xxxxxxxxxxxxxxxxxxx
>
> I think the issue over security comes down to the environment of challenge
> questions.  And when we look at the help desk now the nuisance security
> calls are way high.  A year ago 40% of our calls were printer related,
> another 40% were security related.  Through new printers, proper afp
> resource settings, and IBM's MarkVision we have eliminated over 80% of our
> printer calls.  That's good but now we are really skewed with security
> related calls - they make over 60% of our calls now - and the majority are
> password change problems, account lockouts, password resets, etc.  A 
> person
> calls in needing assistance.  Right now today we have an idea of who they
> are but we do not authenticate them.  Our parent company says we have to
> using challenge questions - so, I'm extending that requirement and saying
> that using that authentication method in a self-service environment is the
> most beneficial.
>
> Having said that I believe that the challenge system has to be somewhat
> robust.  Unfortunately if it's to difficult it can the results can be the
> exact opposite of what you want.  I've got a restriction on my credit
> profile - damn, I almost can't answer the questions to get through but
> that's another story.
>
> I think the self-service system also has to have very robust controls -
> only so many actions within a given time frame, good reporting, and good
> messaging.
>
> If all of these things are met I think it is possible to provide a secure
> environment that improves customer service (and hopefully satisfaction) 
> and
> reduces nuisance type calls to the help desk.  If I can do that then the
> night creatures are happy, my help desk people are happy, and the 
> customers
> are happy.
>
> A good SSO environment would go a long way to reducing this but that's not
> entirely possible in our environment....and even with SSO I think I would
> still want some sort of function available for the domain access.
>
>
>
>
>
>
>
>             rob@xxxxxxxxx
>
>             06/02/2005 11:54                                           To
>             PM                        Midrange Systems Technical
>                                       Discussion
> 
> <midrange-l@xxxxxxxxxxxx>
>             Please respond to                                          cc
>             Midrange Systems
>                 Technical                                         Subject
>                Discussion             Re: Profile self-service
>             <midrange-l@midra
>                 nge.com>
>
>
>
>
>
>
>
> I don't think it defeats the purpose for a security officer or
> administrator.  Ever use a web site with a password?  Now, figure you're a
> nation wide bank with 2 million customers.  Now how many Pakistanis would
> you have to employ just to reset user's passwords?  And wouldn't they ask
> the same sort of questions that a good program could ask?  Mother's maiden
> name or some such thing.  That's the purpose of a good challenge question
> system.
>
> We've analyzed our help desk calls for our internal users.  A vast bulk of
> the calls fit two categories:  Resetting printer writers, and, resetting
> passwords.  We've tackled the first and now it's time to move on to the
> second.  We were looking at adding another help desk person.  Sad to see
> this not happen.  Gal we had in mind lives about two miles away and is
> dying to get back in to programming after her layoff from another company.
> With the economy the way it is, this looked like the best way to sneak
> another person in.  Start her out at the help desk and move her into
> programming.
>
> Rob Berendt
> --
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> ron_adams@xxxxxxxxxxxxxx
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 06/02/2005 04:11 PM
> Please respond to
> Midrange Systems Technical Discussion 
> <midrange-l@xxxxxxxxxxxx>
>
>
> To
> Midrange Systems Technical Discussion 
> <midrange-l@xxxxxxxxxxxx>
> cc
>
> Subject
> Re: Profile self-service
>
>
>
>
>
>
> I'm not sure if this necessarily fits the bill for your issue, but I wrote
>
> a password reset utility a while back that would allow a manager (*SECADM)
>
> to reset a disabled user profile.
> It will allow them the choice also of resetting the password to default
> which is the same as the user id.
> I set it up with object authority so that only those I specified could run
>
> it and that they could only change a user profile if the user did not have
>
> any of the following attributes, *ALLOBJ, *SECADM, *SPLCTL or *SERVICE .
> Also,  I set it up so it will also send me a message when it's executed.
>
> I can send you a copy if you think it will help.
>
> As for self service, I would think something like this would be too risky
> and/or difficult to set up. It also defeats the purpose for a security
> officer or administrator.
>
> Ron Adams
>
>
>
>
>
> Mike.Crump@xxxxxxxxxxxxxxxx
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 06/02/2005 03:31 PM
> Please respond to Midrange Systems Technical Discussion
>
>
>        To:     midrange-l@xxxxxxxxxxxx
>        cc:
>        Subject:        Profile self-service
>
>
> I'm working on two possibilities but was wondering if anyone was familiar
> with a software package that:
>
> 1.)  Verifies user identity through a series of challenge questions and
>
> 2.)  Allows them to change/reset/unlock their account.
>
> NetIQ (ie Pentasafe) has something close with their Vigilent and
> PSPasswordManager products but I don't think all the pieces are there.
>
> Triaworks (Powerlock) might have something if TIM PM ever sees the
> sunlight
> of GA.....
>
> http://www.triaworks.com/downloads/TIM%20PM%20Datasheet.pdf
>
> Due to constraints beyond my control we will be on a NT 4.0 domain for a
> while so a good SSO solution may not be in my near future.  I'm looking at
> some other types of reduced SO options but in the mean time need to
> investigate this.  Even if I can't do self service my audit/parent company
> (ie: those bloodsucking night creatures without a real job) demands will
> necessitate that we maintain a challenge question database for my end
> users
> so that we can correctly identify John Smith and not be socially
> engineered.  So, my drop back position is to have an application that
> allows me to setup, manage, and identify end users by challenge questions.
>
>
>
> Michael Crump
> Manager, Computing Services
> Saint-Gobain Containers
> 1509 S. Macedonia Ave.
> Muncie, IN  47302
> (765)741-7696
> (765)741-7012 f
> (800)428-8642
>
> "The probability that we may fail in the struggle ought not to deter us
> from the support of a cause we believe to be just"  Abraham Lincoln
>
>
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> --
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
> 




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.