
Security Configuration: Supporting Users

Tags: Version 11.5

    This topic describes well‐defined policies around help desk procedures for your RSA NetWitness Platform installation.

    It is important to have well‐defined policies around help desk procedures for your RSA NetWitness Platform installation. RSA recommends that your help desk administrators understand the importance of password strength and the sensitivity of data, such as user logon names and passwords. Creating an environment where an end user is frequently asked for this kind of sensitive data increases the opportunity for social engineering attacks. Train end users to provide, and help desk administrators to request, the least amount of information needed in each situation.

    Preventing Social Engineering Attacks

    Fraudsters frequently use social engineering attacks to trick unsuspecting employees or individuals into divulging sensitive data that can be used to gain access to protected systems. RSA recommends that you use the following guidelines to help reduce the likelihood of a successful social engineering attack:

    • When receiving help desk calls, help desk administrators should ask only for the User ID. Help desk administrators should never ask for user passwords.
    • The help desk telephone number should be well known to all users.
    • Help desk administrators should perform an action to authenticate the user's identity before performing any administrative action on a user's behalf. For example, ask users one or more questions to which only they know the answer.
    • If help desk administrators need to initiate contact with a user, they should not request any user information. Instead, users should be instructed to call the help desk back at a well‐known help desk telephone number to ensure that the original request is legitimate.

    Confirming User Identities

    It is critical that your help desk administrators verify end users' identities before performing any help desk operations on their behalf. RSA recommends that you verify user identity using the following methods:

    • Call the end user back on a phone owned by the organization and on a number that is already stored in the system.

    Caution: Be wary of using mobile phones for identity confirmation, even if they are owned by the company, because mobile phone numbers are often stored in locations that are vulnerable to tampering or social engineering.

    • Send the user an email to a company email address. If possible, use encrypted email.
    • Work with the employee's manager to verify the user's identity.
    • Verify the identity in person.
    • Use multiple open‐ended questions from employee records. For example, "Name one person in your group" or "What is your badge number?" Avoid yes or no questions.

    Advice for Your Users

    RSA recommends that you instruct your users to do the following:

    • Never give passwords to anyone.
    • Change passwords at regular intervals.
    • Know which information requests to expect from help desk administrators.
    • Always log off from the web interface when finished.
    • Always lock their desktops when stepping away from their computers.
    • Regularly close their browser and clear their cache of data.

    Note: Consider regular training to communicate this guidance to users.
