Educause Security Discussion mailing list archives
Re: Administrative account access control
From: "Niedens, Travis" <Travis_Niedens () REDLANDS EDU>
Date: Mon, 26 Jan 2004 08:37:49 -0800
We use Windows server for Cisco ACS auth and I have even labbed Windows 2003 Server and done TLS-PEAP with it; it works pretty flawlessly. Personally, I'd rather use keyfob / SecurID to authenticate. I'm used to this environment and prefer it. I guess one benefit is that most admins that deploy it run it off of Solaris; however, it can be costly. Most modern NOS's can authenticate for you. The choice you make really is dependent upon your environment (support, budget, comfort, etc.).

Travis Niedens
Network Manager
University of Redlands
Phone: (909) 748-6328
Fax: (909) 793-2029
VoIP Phone: (909) 799-4778
VoIP Extension: 4778

-----Original Message-----
From: Anthony Schroeder [mailto:aschroeder () GW HAMLINE EDU]
Sent: Monday, January 26, 2004 7:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Administrative account access control

i don't want to start a NOS war, but the answer is don't get rid of the netware systems.

we have roughly 35 intel servers (netware and active directory) and about 8 solaris machines, as well as quite a few cisco switches that are all administered by 3 people.

nds runs the whole thing...we have an automatic import process from our HR/student record system that creates the accounts as the person is hired/admitted to school, and disables the account as they leave.

we use netware as our file/print. we have connectors to active directory and NIS that provide account information to the other systems (including passwords/etc). we use cisco's access control server that pulls the authentication information from NDS to allow certain people to log in with different privileges to the switches - the person logs in as himself, rather than a generic administrative user.

novell is coming out with some web-based self-password administration mechanism (to handle forgotten passwords, etc).

it all works pretty slick.

anthony.
STEVE () BUMAIL BRADLEY EDU 1/23/2004 1:22:05 PM >>>
We have about 30 servers and large numbers of routers and switches that are administrated by roughly a dozen people. Naturally, we want a highly secure environment for administrative access. All these devices have different, difficult passwords. It is not impossible to remember all the passwords. Also, we want to avoid the situation where we can't fix a problem because no one is around who knows a particular password.

I have been looking for solutions to provide secure access to administer resources, provide a log of access, allow us to grant or restrict access quickly and easily, etc. I've been talking to Priva Technologies, but wonder if others have this same problem and what they have done to address it. What vendor solutions are available?

Our environment is CISCO network, and VPN. We have a Sun1 LDAP system and also use Active Directory. We have some Netware, but it is on the way out.

Thanks for any insights you can provide,
Steve Patrick, Bradley University

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.