Security Basics mailing list archives
Re: enterprise password manager
From: "Barbod Kiani" <B_Kiani () ISC IRANET NET>
Date: Sat, 12 Sep 2009 10:40:03 +0430
Try RBAC, IDM & checkout the following:
http://www.sun.com/software/products/rolemanager/ds_rolemanager.pdf
http://www.sun.com/software/products/opensso_enterprise/index.xml

Just FYI, can also apply the following general rules 2 ur security list (for ur passwd manager):

1) One time Passwd if got Trust level 1 (RSA-secureid be obtained)
2) Follow the passwd complexity guidelines (eg, Rainbows series)
3) Passwd field for each ID populated, No blank space to any ids (Remember ONLY one uid 0)
4) Disallow the use of the same passwd
5) Passwd shadowing where is needed
6) An authorized Record of approved access by ur company's senior officers before doing any of the following u asked!
7) UUCP & such are disabled.
8) In ur known connections scripts or into ur console keys, no imbedded clear t passwd.
9) Using the same passwd provided by vendors prohibited.
10) No access to the single user mode is given to unknown & unsecure locations without a passwd.
11) Create specific passwd strings if need SNMP.

Respectfully yours,
Bob Kiani

----- Original Message -----
From: "martin" <martiniscool () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 08, 2009 6:47 PM
Subject: enterprise password manager

Hi All

I'm looking for a password manager for use in our company for storing customer's passwords. Ideally, I would like one which can:

1. Require a username and password to access (or using AD would be even better)
2. Give different passwords depending on group membership (again, AD groups preferable)
3. Require that a user be a member of multiple groups in order to be given access to a password. eg, a user must be in the engineers group AND in the managers group.
4. Only give a lower level of access if a user is a member of a particular group. eg, if a user is in the engineers group AND the contractors group, they will only be given a read only password (if available). If they were only in the contractors group, they wouldn't get any password
4. Obviously, use encryption
5. Doesn't have to be free

I'm also looking for something similar that can be used to store config files for routers, switches, firewalls etc.

I know this is a lot to ask, but I'd like to hear what other people are using

Thanks in advance
M
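The group rules in martin's original request (a password released only when the user is in several groups at once, and a downgrade to a read-only password when the user is also a contractor) can be written as a small default-deny policy check. This is an added example, not part of the thread or of any product mentioned in it; the entry names, level constants and function names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Access levels, least to most privileged (names are illustrative).
NONE, READ_ONLY, FULL = 0, 1, 2

@dataclass(frozen=True)
class Rule:
    """Grants `level` only if the user is in ALL of the `require` groups."""
    require: frozenset
    level: int

@dataclass
class Entry:
    name: str
    rules: list                               # highest matching grant wins
    caps: dict = field(default_factory=dict)  # group -> max level for its members
    has_read_only: bool = True                # is a read-only credential stored?

def access_level(entry, user_groups):
    """Return the level of credential this user may retrieve for `entry`."""
    groups = frozenset(user_groups)
    # Default deny: with no matching rule the user gets nothing.
    granted = max((r.level for r in entry.rules if r.require <= groups),
                  default=NONE)
    # A capping group (e.g. contractors) lowers a grant, never raises one.
    for group, cap in entry.caps.items():
        if group in groups:
            granted = min(granted, cap)
    # "If available": with no read-only credential stored, fail closed.
    if granted == READ_ONLY and not entry.has_read_only:
        return NONE
    return granted

# Constructed sample entries, not taken from the thread.
CORE_ROUTER = Entry("core-router",
                    rules=[Rule(frozenset({"engineers", "managers"}), FULL)])
BRANCH_FW = Entry("branch-firewall",
                  rules=[Rule(frozenset({"engineers"}), FULL)],
                  caps={"contractors": READ_ONLY})
LEGACY_SWITCH = Entry("legacy-switch",
                      rules=[Rule(frozenset({"engineers"}), FULL)],
                      caps={"contractors": READ_ONLY}, has_read_only=False)

if __name__ == "__main__":
    for entry, groups in [(CORE_ROUTER, {"engineers"}),
                          (BRANCH_FW, {"engineers", "contractors"}),
                          (BRANCH_FW, {"contractors"})]:
        print(entry.name, sorted(groups), access_level(entry, groups))
```

Because the cap is applied after the grant is computed, membership in the contractors group can only reduce what a user receives, and a user who is only a contractor matches no rule and gets nothing.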
Current thread:
- enterprise password manager martin (Sep 09)
- RE: enterprise password manager Cisternas Marquez, Gonzalo (Sep 11)
- Re: enterprise password manager A K (Sep 11)
- Re: enterprise password manager Barbod Kiani (Sep 15)
- [Suspected Spam]RE: enterprise password manager Valentin Fernandez Bolland (Sep 16)
- Re: enterprise password manager Gleb Paharenko (Sep 15)
- Re: enterprise password manager Ramki B Ramakrishnan (Sep 15)
- Re: enterprise password manager John Morrison (Sep 17)