Security Basics mailing list archives
RE: Admin password management
From: "Cornwell, Kay (NIH/NIGMS) [E]" <CornwelK () nigms nih gov>
Date: Wed, 20 May 2009 15:18:05 -0400
I have not used this product in an ISP environment; ours is a smaller enterprise environment. But I would suggest looking at E-DMZ's Password Auto Repository product (hardware device, 2nd device provides failover). That is supposed to handle Windows, Unix, SQL and Oracle passwords and provides a web based retrieval process that is logged.

You can specify who has authorization to retrieve a password or you can have a web based authorization process (email is sent to an authorizer and you can set multiple levels - requires 1, 2 or more authorizers to approve). The requestor must input a reason for retrieval.

Passwords for the Windows environment can be changed on an automatic schedule - I believe that you can also do this for other platforms and Oracle, or you can have password changes occur manually (i.e. use PAR to generate a random password, type it in and tell PAR change was successful and then it registers the password change).

I did not price the product myself so not sure about cost. We have been using it here with success.

E-DMZ Password Auto Repository
http://www.e-dmzsecurity.com/

Kay Cornwell, MS
GSEC, GSLC, GSAE

-----Original Message-----
From: mamo [mailto:mamo74 () gmail com]
Sent: Wednesday, May 20, 2009 8:48 AM
To: security-basics () securityfocus com
Subject: Admin password management

Hi all.

I am responsible for the security of a small ISP. I need to manage the admin passwords of all the machines of the ISP (around 200 systems, mainly with Linux, Windows and Solaris OS). By admin user I mean stuff like root, oracle, Oracle sys, MSsql SA, Bea admin password etc.

We have a policy that requires users to authenticate with nominal username/password (and sudo on UN*X) but there are situations where accessing with admin password is required, but it is not acceptable to share the password with all the group that work on IT Assurance activity.

I would like to have a product that:
- Log who take what password
- Log who change the password
- Permit to generate a new random password
- Have a "decent" security
- Permit to profile who can see what password (it is not mandatory)
- Permit to add a note to the activity (why the users had the need to take the admin password)

I am looking for a product that will be used by around 50-100 people that manage the ISP (not like keepass or password safe where the user has the encrypted db with all the password on the PC).

I would appreciate to be able to do this activity with Open Source product, but I can evaluate also commercial product.

Do you have any experience to share of product that match my description?

Thank you.
Mamo

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
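The retrieval workflow described in the reply above (authorized requesters, a mandatory reason, one or more authorizers, logged retrieval, random password changes), modeled as an added example that is not part of the original thread and is not E-DMZ's code. The class and method names, the rule that requesters cannot approve their own request, and the one-retrieval-per-request rule are assumptions.

```python
import secrets
from datetime import datetime, timezone

class PasswordVault:
    """Constructed model: per-account ACL, mandatory reason, N approvers, audit log."""
    def __init__(self, approvals_required=2):
        self.approvals_required = approvals_required
        self.accounts = {}  # account -> password, readers, approvers
        self.requests = {}  # request id -> requester, account, approvals so far
        self.audit = []     # append-only (time, actor, action, account, note)

    def _log(self, actor, action, account, note=""):
        self.audit.append((datetime.now(timezone.utc).isoformat(), actor, action, account, note))

    def add_account(self, account, readers, approvers):
        self.accounts[account] = {"readers": set(readers), "approvers": set(approvers)}
        self.rotate("system", account)

    def rotate(self, actor, account):
        # New random password from the OS CSPRNG; the log records who changed it.
        self.accounts[account]["password"] = secrets.token_urlsafe(18)
        self._log(actor, "rotate", account)

    def request(self, user, account, reason):
        if user not in self.accounts[account]["readers"]:
            self._log(user, "request-denied", account, "not authorized")
            raise PermissionError("user may not request this password")
        if not reason.strip():
            raise ValueError("a reason for retrieval is required")
        rid = secrets.token_hex(8)
        self.requests[rid] = {"user": user, "account": account, "approved_by": set()}
        self._log(user, "request", account, reason)
        return rid

    def approve(self, rid, approver):
        req = self.requests[rid]
        # Assumption: requesters cannot approve their own request.
        if approver == req["user"] or approver not in self.accounts[req["account"]]["approvers"]:
            raise PermissionError("not a valid approver for this request")
        req["approved_by"].add(approver)
        self._log(approver, "approve", req["account"], rid)

    def retrieve(self, rid, user):
        req = self.requests[rid]
        if user != req["user"] or len(req["approved_by"]) < self.approvals_required:
            self._log(user, "retrieve-denied", req["account"], rid)
            raise PermissionError("request is not fully approved")
        del self.requests[rid]  # assumption: one retrieval per approved request
        self._log(user, "retrieve", req["account"], rid)
        return self.accounts[req["account"]]["password"]
```

Calling `rotate()` after each retrieval limits how long a checked-out password stays valid, and the `audit` list then shows who took it, why, who approved, and who changed it.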
Current thread:
- Admin password management mamo (May 20)
- RE: Admin password management Cornwell, Kay (NIH/NIGMS) [E] (May 21)
- RE: Admin password management Cisternas Marquez, Gonzalo (May 21)
- Re: Admin password management Aarón Mizrachi (May 21)
- <Possible follow-ups>
- Re: Admin password management grady (May 21)
- Re: Admin password management Zhihao Tan (May 22)
- RE: Admin password management Valentin Fernandez Bolland (May 22)
- Re: Admin password management Zhihao Tan (May 22)