Security Basics mailing list archives

[Suspected Spam]RE: enterprise password manager


From: "Valentin Fernandez Bolland" <vfernandez () juvaca com mx>
Date: Tue, 15 Sep 2009 19:03:04 -0500

Hi all:

Have you tried P-Synch, originally from P-Tech, lately bought by HDS (Hitachi-ID.com)? It manages, synchronizes, etc., 
etc.

Give it a try; it's great.

Cheers,

Valentin Fernandez Bolland

 Before printing this message, think twice about whether you need to use up a sheet of paper.
      Before printing this message, please be sure it is necessary.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of Barbod Kiani
Sent: Saturday, September 12, 2009 01:10 a.m.
To: martin; security-basics () securityfocus com
Subject: Re: enterprise password manager

Try RBAC, IDM & check out the following:

http://www.sun.com/software/products/rolemanager/ds_rolemanager.pdf

http://www.sun.com/software/products/opensso_enterprise/index.xml

Just FYI, can also apply the following general rules 2 ur security list (for 
ur passwd manager):

1) One time Passwd if got Trust level 1 (RSA-secureid be obtained)
2) Follow the passwd complexity guidelines (eg, Rainbows series)
3) Passwd field for each ID populated, No blank space to any ids (Remember 
ONLY one uid 0)
4) Disallow the use of the same passwd
5) Passwd shadowing where is needed
6) An authorized Record of approved access by ur company's senior officers 
before doing any of the following u asked!
7) UUCP & such are disabled.
8) In ur known connections scripts or into ur console keys, no embedded 
clear text passwd.
9) Using the same passwd provided by vendors prohibited.
10) No access to the single user mode is given to unknown & unsecure 
locations without a passwd.
11) Create specific passwd strings if need SNMP.


Respectfully yours,
Bob Kiani
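
Added example, not part of the original message: a small Python audit for rules 3 and 5 in the list above (populated password fields, only one uid 0, shadowed hashes). The sample account lines and the function name `audit_accounts` are constructed for illustration.

```python
# Constructed sample data in passwd(5)/shadow(5) format, not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
alice:x:1000:1000::/home/alice:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
legacy:$1$constructed$notarealhashvalue:1002:1002::/home/legacy:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$constructed$notarealhashvalue:14500:0:99999:7:::
toor:$6$constructed$notarealhashvalue:14500:0:99999:7:::
alice::14500:0:99999:7:::
uucp:*:14500:0:99999:7:::
"""

def _records(text):
    """Yield the colon-separated fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            yield line.split(":")

def audit_accounts(passwd_text, shadow_text):
    """Return a sorted list of (account, finding) for rules 3 and 5."""
    shadow = {rec[0]: rec[1] for rec in _records(shadow_text)}
    findings = []
    for rec in _records(passwd_text):
        name, pw, uid = rec[0], rec[1], rec[2]
        if uid == "0" and name != "root":
            findings.append((name, "extra uid 0 account"))
        if pw == "":
            findings.append((name, "blank password field in passwd"))
        elif pw == "x":                      # hash is expected in shadow
            if name not in shadow:
                findings.append((name, "no shadow entry"))
            elif shadow[name] == "":
                findings.append((name, "blank password field in shadow"))
        elif not pw.startswith(("*", "!")):  # "*" / "!" mark a locked account
            findings.append((name, "hash stored in passwd, not shadowed"))
    return sorted(findings)

if __name__ == "__main__":
    for account, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On a real host the two inputs would be the contents of `/etc/passwd` and `/etc/shadow`, read with sufficient privilege.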


----- Original Message ----- 
From: "martin" <martiniscool () gmail com>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 08, 2009 6:47 PM
Subject: enterprise password manager


Hi All

I'm looking for a password manager for use in our company for storing
customers' passwords.  Ideally, I would like one which can:

1.  Require a username and password to access (or using AD would be even 
better)
2.  Give different passwords depending on group membership (again, AD
groups preferable)
3.  Require that a user be a member of multiple groups in order to be
given access to a password.  eg, a user must be in the engineers group
AND in the managers group.
4.  Only give a lower level of access if a user is a member of a
particular group.  eg, if a user is in the engineers group AND the
contractors group, they will only be given a read only password (if
available).  If they were only in the contractors group, they wouldn't
get any password
4.  Obviously, use encryption
5.  Doesn't have to be free

I'm also looking for something similar that can be used to store
config files for routers, switches, firewalls etc.

I know this is a lot to ask, but I'd like to hear what other people are 
using

Thanks in advance
M
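
Added example, not part of the original message: a Python sketch of the group logic in requirements 3 and 4 above (membership in all required groups, a cap to read-only for members of a restricting group, and no fallback when a read-only credential is not stored). The `Entry` model, the entry names and the group names as plain strings are assumptions; in practice the group set would come from AD.

```python
from dataclasses import dataclass

LEVELS = {"none": 0, "read-only": 1, "full": 2}

@dataclass(frozen=True)
class Entry:
    name: str
    required_groups: frozenset  # user must be in ALL of these (requirement 3)
    caps: dict                  # group -> highest level allowed to its members (requirement 4)
    available: frozenset        # levels for which a credential is actually stored

def granted_level(entry, user_groups):
    """Return 'none', 'read-only' or 'full' for this user's group set."""
    groups = set(user_groups)
    if not entry.required_groups <= groups:
        return "none"                       # missing one required group is a denial
    level = "full"
    for group, cap in entry.caps.items():
        if group in groups and LEVELS[cap] < LEVELS[level]:
            level = cap                     # the most restrictive cap wins
    # "read only password (if available)": never fall upward to a stronger credential
    return level if level in entry.available else "none"

# Constructed entries for illustration.
CORE_ROUTER = Entry(
    name="core-router",
    required_groups=frozenset({"engineers"}),
    caps={"contractors": "read-only"},
    available=frozenset({"read-only", "full"}),
)
EDGE_FIREWALL = Entry(
    name="edge-firewall",
    required_groups=frozenset({"engineers", "managers"}),
    caps={"contractors": "read-only"},
    available=frozenset({"full"}),          # no read-only account exists on this device
)

if __name__ == "__main__":
    for groups in ({"engineers"}, {"engineers", "contractors"}, {"contractors"}):
        print(sorted(groups), "->", granted_level(CORE_ROUTER, groups))
```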

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL 
certificate.  We look at how SSL works, how it benefits your company and 
how your customers can tell if a site is secure. You will find out how to 
test, purchase, install and use a thawte Digital Certificate on your 
Apache web server. Throughout, best practices for set-up are highlighted 
to help you ensure efficient ongoing management of your encryption keys 
and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


