- Mitigation options
- Best practices
- Lessons learned
- Incident Response
- Defense-in-depth for PeopleSoft
After the PS_TOKEN threat vector was announced at Hack in the Box Amsterdam in May 2015, security organizations started adding specific tests for PS_TOKEN into their penetration test portfolio.
If your organization does regular penetration tests (which you should if your PeopleSoft system is publicly available on the internet), your organization may fail the test and would therefore have to remediate this risk immediately.
What does this mean to you?
More time and effort will be required to deal with test results moving forward. Prepare for this situation today.
GreyHeller is the leading expert in performing PS_TOKEN assessments for customers and non-customers alike. Ensure your organization is in the most secure position by scheduling your assessment with GreyHeller today.
Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.
Click to Call allows 2FA PINs to be delivered via a telephone voice call.
Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third-party calling system. It is invoked when a PeopleSoft user triggers an event – accessing sensitive data that GreyHeller’s ERP Firewall system has been configured to protect – that sends the message to the external voice call system. That system then retrieves data containing the requested credentials from PeopleSoft. The user then enters the 2FA PIN on the challenge screen, which completes the challenge.
iScripts, JAR files, custom application packages, third-party integration – sounds complicated, right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.
The message can be customized to contain important information in addition to just the 2FA PIN. This information could be beneficial and timely.
Click to Call joins ERP Firewall’s other 2FA challenge methods:
- Time-based one-time password (TOTP)
- Duo Security
- Instant Messaging