Click to Call for Two-Factor Authentication

By Greg Wendt • July 3, 2014

Recently, one of our Higher Education customers – a highly regarded US university – implemented another option for Two-Factor Authentication using our ERP Firewall software product.

Click to Call allows 2FA PINs to be delivered via a telephone voice call.

Click to Call is based on new PeopleCode packages and several Java JAR files that interact with a third-party calling system. It is invoked when a PeopleSoft user triggers an event – accessing sensitive data that GreyHeller’s ERP Firewall system has been configured to protect – that sends a message to the external voice call system. That system then retrieves the data containing the requested credentials from PeopleSoft. The user then enters the 2FA PIN on the challenge screen, which completes the challenge.

iScripts, JAR files, custom application packages, third-party integration – sounds complicated, right? Wrong. ERP Firewall seamlessly integrates from the user’s page action to the delivery of the call in less than 3 seconds.

The message can be customized to contain important information in addition to the 2FA PIN. This information could be beneficial and timely.

Click to Call joins ERP Firewall’s other 2FA challenge methods:

  • Text
  • Email
  • Time-based one time password (TOTP)
  • Duo Security
  • IVR
  • Instant Messaging
  • Biometrics.

Put the Appsian Security Platform to the Test

Schedule Your Demonstration and see how the Appsian Security Platform can be tailored to your organization’s unique objectives

How much does it cost to avoid a breach?

By Chris Heller • July 2, 2014

If organizations won’t spend what’s necessary to license technology that protects their sensitive data because of cost considerations, we believe class action lawsuits will be a sea change in that way of thinking.

Here’s a link to the P.F. Chang’s breach class action lawsuit.

http://bit.ly/TOLoEC

Lessons from the Code Spaces DDoS

By Greg Wendt • June 27, 2014

Last week the website Code Spaces was hit by a distributed denial of service (DDoS) attack. This is normally a routine occurrence: defensive systems handle it and normal access is restored soon afterward. What makes the Code Spaces attack interesting is that a person had gained access to the company’s EC2 control panel and wanted a ransom to stop the attack.

The link above has numerous details on what happened next.

What can be learned from an attack like this?
DDoS attacks are still active and happen frequently. Evernote was hit earlier this month, with the attack causing at least four hours of outages. A video game company’s website was hit this week as well, with traffic peaking at 110 gigabytes per second. Estimates are that DDoS attacks will be in the range of terabit-sized attacks in the near future.

Many organizations believe that everything is safe in the cloud. Basic functions such as backups, restores and disaster recovery are entrusted to the cloud vendor, who must prioritize among clients. Best practices dictate that your organization’s business continuity plans take these risks and assumptions into consideration. Any time you give up those controls, risk is added to the equation.

Another risk in moving mission-critical functions to the cloud is Internet connectivity: if the Internet connection is down, there is no access to production systems.

We recommend:

  • Test backups to ensure restores work and expectations are met.
  • Implement business continuity planning and determine how cloud providers play into those plans – test your disasters, be prepared.
  • Determine how frequently connectivity issues occur – build contingency plans to reach the cloud during outages.

Another day another phishing attack

By Greg Wendt • June 24, 2014

A single compromised website hosted 862 PHP scripts. Think about that for a minute – 1 server, with 862 scripts. These scripts targeted banking, webmail, PhotoBucket and many online dating sites. The attackers utilized the dating sites to eventually request money from the users. The time and energy invested in this attack is stunning. More information on the attack here.

From a PeopleSoft customer perspective, phishing attacks can be a daily event. The sophistication and success of these attacks vary greatly. End-user training and support go only so far in defending the organization. Costs of remediation continue to soar. All it takes is one slip – one click – one password.

Compromised ERP solutions cost organizations time, money and lost credibility with constituents.

Is your organization going to continue to risk all of that on a single user id and password?

The attackers have all the time in the world, but you do not… The time is now for implementing Two-Factor Authentication (2FA) to help mitigate these attacks.

$20 million in data breach costs vs. Licensing ERP Firewall……do the math

By Chris Heller • May 21, 2014

Costs associated with the Maricopa County Community College District (MCCCD) data breach that occurred in April 2013 continue to rise and have nearly reached the $20 million mark.

http://bit.ly/1mYb24t

Higher education institutions store the same sensitive data as do banks – SSN; DOB; Address; Bank account/Direct Deposit.

Higher education institutions almost by definition have open networks.

The bad guys have figured that out and are launching full scale attacks on PeopleSoft higher ed customers.

Do the math…..license ERP Firewall for a fraction of data breach costs.

Compiling PeopleCode

By Chris Heller • February 13, 2014

One of the very useful features in Application Designer is the ability to compile the PeopleCode for a project. You can select Tools -> Compile Project PeopleCode from the Application Designer menu to do so. This is particularly useful for larger projects or when you are validating a project that has just been imported into an environment for the first time. If, for example, someone forgot to include all of the PeopleCode needed for things to work (maybe forgetting to include a needed application package in the project definition), then compiling the project and finding out about the problem immediately is better than hearing about it later when a runtime error happens.

I prefer to do the Compile Project PeopleCode as a first step, before running the project validation (in the App Designer menu, Tools -> Validate Project), because the project validation stops at the first error, while the PeopleCode compile will try to compile everything in the project and report on what it found.

Some enhancements in this area that we’d love to see:

  • A way to have this compilation happen automatically when a project is imported.  Either an option to do this on each project import or a general configuration setting indicating that it should always be performed.
  • Some filtering mechanism to not show all of the PeopleCode programs that successfully compile.  This is particularly annoying on larger projects because you have to wade through a lot of output in order to find and resolve any errors.

How to Prevent Student Grade Hacking in PeopleSoft

By Chris Heller • June 17, 2013

Larry just posted a YouTube video that describes how our ERP Firewall product’s 2-Factor Authentication feature can help prevent students from hacking into PeopleSoft Campus Solutions and changing grades. The video contains specifics on how 2-Factor Authentication works.

Larry created the YouTube video based on what was reported recently at Purdue University where students are facing felony charges for hacking into secure systems and changing grades (we don’t know whether the Purdue incident involved PeopleSoft).

Apparently, hacking to change grades is not uncommon:

Chicago Office Opens

By Chris Heller • May 26, 2011

Well, we just couldn’t stay put in the San Francisco East Bay. Based on 2010 growth, and a great first half of 2011, we’ve opened an office in downtown Chicago. We plan to use Chicago as the access point to our Midwest and East Coast customers. And we’re hiring key technical resources…..so if you happen to know anyone who’s a strong PeopleSoft architect and lives in the greater Chicago area, please let us know. The new office address is 200 S. Wacker Drive, 15th Floor – directly across the street from the Willis (Sears) Tower.

PS/nVision is not configured properly on this workstation

By Chris Heller • March 21, 2011

Today, I was helping a customer configure our Desktop Single Signon product for use with nVision. Because this was a brand-new machine where nVision had never been run, he kept encountering the error PS/nVision is not configured properly on this workstation.

He was amazed when I gave him the solution: drop into a Windows command shell and type

PSNVS.EXE /register

Magically, nVision started to work.

Huh? Why?

The error message is generated from the code that uses COM to initiate a conversation between Excel and the PeopleTools binaries. You see, because nVision is part Excel and part PeopleTools, there’s a delicate dance that has to occur at startup between the two. COM facilitates the communication between them.

Sometimes the COM objects aren’t initialized properly (this is supposed to happen as part of running workstation configuration, PSCFG.EXE, but sometimes it doesn’t work, especially when importing the settings from a file). Running nVision with the /register flag will force the registration to occur (if you want to unregister the COM objects, you type PSNVS.EXE /unregister).
