Security Basics mailing list archives

RE: Password management


From: "Leon North" <leon_nc () linuxmail org>
Date: Tue, 09 Nov 2004 10:15:33 +0000

We are looking for an online solution, because the passwords are complex and changing regularly. Up until now we have 
used a solution similar to the physical safe idea you mentioned, but this isn't so practical for an admin to 'quickly' 
look up the current password of the system they want to connect to.

----- Original Message -----
From: "aldr1c" <aldr1c () nildram co uk>
To: "'Leon North'" <leon_nc () linuxmail org>
Subject: RE: Password management
Date: Mon, 8 Nov 2004 20:31:55 -0000


Leon,

      There are several packages out there that can do what you are
looking for; your chosen solution will depend upon your environment.
Working in secure facilities (well, complying with regulations set down by
the Government and other interested agencies;-) ) we use a fairly low tech
mechanism.  We hold a standalone computer with removable HD which is kept in
a security container along with our other sensitive network documentation.
On this we hold a spreadsheet of all of our sys passwords and certificates.
This is purely for our convenience.  When we create/change one of our
passwords, the new string is written down, sealed in a marked envelope and
'stored in a manner commensurate with its protective marking' by our SSO.
The same is done with exported certs.

Would this sort of approach cover your needs, or is there a driver for an
on-network, high tech solution?

All the best

Aldr1c

-----Original Message-----
From: Leon North [mailto:leon_nc () linuxmail org] 
Sent: 08 November 2004 14:13
To: security-basics () securityfocus com
Subject: Password management

Hi,

We are looking for advice on how others handle recording of passwords in IT
departments. 

Whenever we look at this all we get back are Single Sign On (SSO) & related
solutions, which is not what we want at the moment. We are more interested
in purely secure & granular network storage for passwords. I'm surprised
there isn't more around that does this, given that there must be plenty of
IT departments still without SSO, that are needing to remember a number of
regularly changing passwords for various systems. How do they record them,
but also only allow appropriate levels of access, i.e. access to passwords
of systems that each person in the department should have access to?
 
So far, apart from simply encrypted, password protected spreadsheets, the
only solution that I have found that does precisely this is the Cyber-Ark
Password Vault. If anybody has used this or any other similar products I'd
be very interested to hear what, and how well they worked.

If not, what do you do instead? 

Any help appreciated.

Leon

