Security Basics mailing list archives
Re: enterprise password manager
From: martin <martiniscool () gmail com>
Date: Wed, 30 Sep 2009 22:00:38 +0100
Hi All

Apologies for the late reply - unfortunately I don't get to devote as much time to this list as I'd like to.

First off, thanks to everybody for all the replies and suggestions, very much appreciated.

Secondly, I think my subject line was probably a little misleading. I'm not looking for an IDM/SSO solution. I am actually looking for a utility to securely store passwords and manage who has access to them.

While I don't agree with "storing" passwords, I've learnt over the years that in some cases it's inevitable. We currently have lists of passwords for various different customers (such as Domain Admin passwords, root passwords, DSRM passwords, fw/router/switch logons etc) as well as firewall/router/switch/etc config files ... which of course contain passwords, SNMP community names etc etc

Currently we store the passwords in Excel sheets and config files in text files which are stored on our Windows file server. Although the security to these files is locked down to a certain extent, I still don't personally feel that it's a good method of doing things.

Windows permissions do not let me grant security based on multiple groups. For example, I may only want the site manager for customer A to have access to the firewall config files (and passwords) (just as an example). I have a security group for everybody based at Customer A, and I have a group for site managers. But there's no way in Windows to say that you have to be a member of BOTH groups in order to access a particular file. This is just one example of where I think we're lacking a certain amount of control, but this isn't the only one.

I've looked at the examples above, but the Password Manager Pro software looks quite complicated and is a bit outside our budget for something like this.

Surely I'm not the only one in this position? How do other companies manage these types of confidential info? Or am I just being too fussy?

Does anybody have any other suggestions other than the ones above? Or do I just need to start looking at standard password manager apps?

thanks again for any additional guidance anybody can provide

M