communication #160508

open

RFC: Disable stale Heroes accounts

Added by crameleon about 1 month ago. Updated about 2 hours ago.

Status: New
Priority: Normal
Assignee: -
Category: Compliance
Target version: -
Start date: 2024-05-18
Due date:
% Done: 0%
Estimated time:

Description

To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:

  • contact users who did not authenticate to the Heroes VPN for >= 6 months
  • if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate

This would be manifested in the infrastructure policy, and could be partially automated.

Actions #1

Updated by crameleon about 1 month ago

  • Private changed from Yes to No

Actions #2

Updated by crameleon 23 days ago

As per discussion in the meeting on 06/06/2024, grace period to be 4 instead of 2 weeks.

Actions #3

Updated by kskarthik about 2 hours ago

crameleon wrote:

To reduce the intrusion surface from credentials sitting with people who no longer use them, I propose to:

  • contact users who did not authenticate to the Heroes VPN for >= 6 months
  • if no response + login within 2 weeks, disable Heroes IDM account and revoke the corresponding VPN client certificate

This would be manifested in the infrastructure policy, and could be partially automated.

I feel this can be fully automated if we can have a proper way to extract VPN logs of users.
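
The staleness check and grace period discussed in this ticket, as an added example that is not part of the ticket or of the Heroes tooling. It assumes VPN logins have already been extracted as (user, date) pairs, takes ">= 6 months" as 183 days, uses the 4-week grace period from note #2, and treats a login after the notice as enough to keep the account; all names and data are hypothetical.

```python
from datetime import date, timedelta

STALE_AFTER = timedelta(days=183)  # assumption: ">= 6 months" taken as 183 days
GRACE = timedelta(weeks=4)         # grace period agreed in note #2


def latest_logins(events):
    """Reduce (user, date) VPN authentication events to the newest date per user."""
    latest = {}
    for user, day in events:
        if user not in latest or day > latest[user]:
            latest[user] = day
    return latest


def review(accounts, events, notified, today):
    """Map each account to: active, notify, waiting or disable_and_revoke."""
    last = latest_logins(events)
    result = {}
    for user in accounts:
        seen = last.get(user)      # None: no VPN login on record
        notice = notified.get(user)
        if seen is not None and notice is not None and seen >= notice:
            notice = None          # assumption: a login after the notice voids it
        if seen is not None and today - seen < STALE_AFTER:
            result[user] = "active"
        elif notice is None:
            result[user] = "notify"
        elif today - notice >= GRACE:
            result[user] = "disable_and_revoke"
        else:
            result[user] = "waiting"
    return result


# Constructed sample data, not real Heroes accounts or logs.
TODAY = date(2024, 7, 1)
ACCOUNTS = ["alice", "bob", "carol", "dave", "erin"]
EVENTS = [
    ("alice", date(2023, 1, 1)), ("alice", date(2024, 6, 20)),
    ("bob", date(2023, 11, 1)), ("carol", date(2023, 10, 1)),
    ("dave", date(2023, 9, 1)), ("dave", date(2024, 6, 10)),
]
NOTIFIED = {"bob": date(2024, 6, 20), "carol": date(2024, 5, 20),
            "dave": date(2024, 5, 25)}

if __name__ == "__main__":
    for user, action in review(ACCOUNTS, EVENTS, NOTIFIED, TODAY).items():
        print(f"{user}: {action}")
```

Accounts with no login on record are treated as stale here, so a real run would also need the account creation date to avoid contacting users who were only just added.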
