Educause Security Discussion mailing list archives
Re: Password Management Tool
From: Adam Carlson <ajcarlson () BERKELEY EDU>
Date: Tue, 27 Jul 2010 13:24:15 -0700
Chris, Here are some of the solutions we have been evaluating. I believe there has been a previous discussion on this list already as I got some of these from other Educause members so it may be worth searching the archives (the notes relating to EDUCAUSE members are from the previous discussion): * Cyber-Ark http://www.cyber-ark.com/ o Selected Number One By Network World http://www.networkworld.com/reviews/2008/042808-access-control-test.html?page=1 * E-DMZ http://www.e-dmzsecurity.com/tpam-ppm.html * Quest http://www.quest.com/ * Symark/BeyondTrust http://www.beyondtrust.com/ * Thycotic Secret Server http://www.thycotic.com/products_secretserver_overview.html (Russell Fulton EDUCAUSE Security) * Password Engine Password Manager Pro http://www.manageengine.com/products/passwordmanagerpro/ (Jon Hanny, CISSP The George Washington University, EDUCAUSE Security) Based on my research, Cyber-Ark looks like a "Gold Standard" type product but has a price tag to match. I went to a vendor demo of this product and had the opportunity to talk to some current customers with large installations. They mostly seemed to like it minus a few quirks and it sounded like the vendor was rolling out some improvements that they had been requesting, which is a good sign from a customer support perspective. The range in price on these products is huge so getting a better understanding of your specific functionality is important. If you're looking for a web-based or centralized keepassx system, you can pay much less than Cyber-Ark. Some things that Cyber-Ark will give you that the cheaper options may not is the ability to detect password changes and actually re-sync passwords for you, allow users to RDP to a server through cyber-ark without ever actually knowing the password, provision more granular permissions with extensive auditing and federation, etc. We have not actually deployed Cyber-Ark so please don't take this as a full fledged recommendation, but it will probably be the product that we go with as soon as I validate that we will actually use all of the additional functionality and have the time to put it in place. -Adam Chris Vakhordjian wrote:
Hello Everyone, I recall a previous post regarding what universities/corporations are using for managing passwords, passwords to privileged or service accounts. Not necessarily, tools for end-user support, such as password resets. Some suggested Password Manager Pro as a good tool. Just curious what others might be using or would recommend. Thank you, Chris
-- Adam Carlson Chief Security Officer Information Technology Residential and Student Service Programs Tel: 510-643-0631 Email: ajcarlson () berkeley edu "Most of the things worth doing in the world had been declared impossible before they were done." ~Louis D. Brandeis
Current thread:
- Password Management Tool Chris Vakhordjian (Jul 27)
- Re: Password Management Tool Kevin Hayes (Jul 27)
- Re: Password Management Tool Brian Murray (Jul 27)
- Re: Password Management Tool Adam Nave (Jul 27)
- Re: Password Management Tool Brian Murray (Jul 27)
- Re: Password Management Tool Ray Bruder (Jul 27)
- Re: Password Management Tool Daniel Bennett (Jul 27)
- Re: Password Management Tool Greg Williams (Jul 27)
- Re: Password Management Tool Adam Carlson (Jul 27)
- Re: Password Management Tool Kevin Hayes (Jul 27)