RE: Password Auto-Repository

["Drew Burke" <drewburke81 () hotmail com>]

Xyberpix,
        I'm assuming this box would be accessible remotely via the 
internet. This sounds like a time bomb waiting to go off, or even better the 
"pot of gold" at the end of the rainbow. I would rather see one person lose 
one good night’s sleep instead of see the whole IT staff losing days trying 
to recover if this box were compromised.  How are you thinking of securing a 
box like this? What did your internal/external audit team have to say about 
the device?

Drew


> From: "xyberpix" <xyberpix () xyberpix com>
> To: security-basics () securityfocus com
> Subject: Password Auto-Repository
> Date: Wed, 9 Feb 2005 11:45:30 -0000 (GMT)
>
> Hey All,
>
> Need some thoughts on this device:
>
> http://www.e-dmzsecurity.com/par.html#f
>
> Damagement is considering buying a couple of these, as at present things
> such as root passwords are stored in a safe, and well, when access is
> needed to root passwords at say 3 in the morning, one of the security
> staff have to physically come into the office to read the password out to
> someone. As you can imagine this is not an optimal way to do things, so
> they found this device. Now personally i don't like the idea of having one
> device sitting on the network that has all our critical passwords on it.
> Especially something running Windows 2003. What are you views on this, and
> any recomendations would be greatly appreciated.
>
> xyberpix