Educause Security Discussion mailing list archives

Re: Managing passwords. Storing passwords.

From: Isac Balder <piis8 () YAHOO COM>
Date: Tue, 4 Mar 2008 09:32:32 -0800

Charlie,

I have not seen too many companies "authorize" these
types of apps.  I personally have never tinkered with
them.

The main reason for my reply is that ISSA Journal or
Information Security Magazine (I forget which one as I
am in the middle of both) just did an article on a
hand full of these.  Might want to check it out.

I.B.


--- "Warner, David F" <DWarner () COMMNET EDU> wrote:

We have been using password safe.
http://passwordsafe.sourceforge.net/

I have also heard keepass is a good solution.
http://sourceforge.net/projects/keepass/

both are open source projects available for free.

David Warner
Senior Security Specialist
CT Community Colleges




________________________________

From: The EDUCAUSE Security Constituent Group
Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of
Bombard, Charles L
Sent: Tuesday, March 04, 2008 11:40 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Managing passwords. Storing
passwords.



I was wondering more along the lines of the process
that system
administrators use to secure passwords they need to
use/remember.



Recommended applications to use or avoid?

Processes that you currently support?



-Charlie



==========================================



Charles Bombard, GSEC

LAN/Systems Administrator

Community College of Vermont

119 Pearl Street

Burlington, VT 05401

802.657.4234

bombardc () ccv edu



PRIVACY & CONFIDENTIALITY NOTICE: This message is
for the designated
recipient only and may contain privileged,
confidential, or otherwise
private information. If you have received it in
error, please notify the
sender immediately and delete the original. Any
other use of an email
received in error is prohibited.



From: The EDUCAUSE Security Constituent Group
Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of
Jon Hanny
Sent: Tuesday, March 04, 2008 9:07 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Managing passwords. Storing
passwords.



I am currently testing a product by edmz security
(http://edmzsecurity.com) that allows multiple users
to connect to
systems for priveleged tasks.  It is an appliance
that acts as a proxy
between authorized users and the system being
managed. I really like the
functionality of the appliance.  Having said that I
am having security
do a full assessment on the device before I
recommend deploying it on
our network.  You may want to look at their website
and see if it looks
like the type of system you are looking for.



Respectfully,



Jon Hanny, CISSP

Applications Security Specialist

The George Washington University

jehanny () gwu edu

www.gwu.edu <http://www.gwu.edu/>







________________________________

From: The EDUCAUSE Security Constituent Group
Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of
Bombard, Charles L
Sent: Tuesday, March 04, 2008 8:52 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Managing passwords. Storing passwords.

What policy do you have for having a password
storage utility? What do
you use/sanction?





-Charlie



==========================================



Charles Bombard, GSEC

LAN/Systems Administrator

Community College of Vermont

119 Pearl Street

Burlington, VT 05401

802.657.4234

bombardc () ccv edu



PRIVACY & CONFIDENTIALITY NOTICE: This message is
for the designated
recipient only and may contain privileged,
confidential, or otherwise
private information. If you have received it in
error, please notify the
sender immediately and delete the original. Any
other use of an email
received in error is prohibited.

------------------------------------------------------------------------

-------
NOTE: The sender of this email is different from the
email address shown
in the headers. The real sender of this message is:
owner-security () LISTSERV EDUCAUSE EDU

If you want to permanently block the sender of this
email, you would
need to add owner-security () LISTSERV EDUCAUSE EDU to
your Anti-Spam
Blocked Senders List. For more information see the
Anti-Spam FAQ item:

http://www.commnet.edu/it/security/anti-spam-faq.asp#BlockRealSender

------------------------------------------------------------------------

-------




      ____________________________________________________________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

Current thread:

Managing passwords. Storing passwords. Bombard, Charles L (Mar 04)
- <Possible follow-ups>
- Re: Managing passwords. Storing passwords. Jon Hanny (Mar 04)
- Re: Managing passwords. Storing passwords. Bombard, Charles L (Mar 04)
- Re: Managing passwords. Storing passwords. Warner, David F (Mar 04)
- Re: Managing passwords. Storing passwords. Isac Balder (Mar 04)
- Re: Managing passwords. Storing passwords. Joseph Corey (Mar 04)
- Re: Managing passwords. Storing passwords. Josh Drummond (Mar 04)
- Re: Managing passwords. Storing passwords. Ray Bruder (Mar 05)
- Re: Managing passwords. Storing passwords. Lunceford, Dan (Mar 05)
- Re: Managing passwords. Storing passwords. Adam Schumacher (Mar 05)
- Re: Managing passwords. Storing passwords. John H. Sawyer (Mar 05)