Educause Security Discussion mailing list archives

Re: Password Management Tool - WebPasswordSafe


From: Josh Drummond <jdrummon () UCI EDU>
Date: Thu, 31 Mar 2011 12:54:16 -0700

Hi,

If you are looking for the centralized multi-user password safe solution with delegated access controls, rather than a total "privileged identity management" system to completely take over your enterprise accounts and passwords, you may want to check out WebPasswordSafe (http://www.webpasswordsafe.net).

It is a free, open-source, multi-platform solution more in the vein of Thycotic Secret Server or Password Manager Pro that you linked to. It was developed with security and flexibility in mind (i.e. pluggable modules for audit logging, authentication, authorization, data encryption, and password generation) to play well with an organization's existing technology stack, a challenge we often have in higher-ed with vendor products (being free and open-source helps the higher-ed budget too :) ).

Recent blog posts point out some of the differences between it and the ones you mentioned (http://webpasswordsafe.blogspot.com/2011/03/webpasswordsafe-vs.html) and also a visual walkthrough to get an idea of what it does before downloading it (http://webpasswordsafe.blogspot.com/2011/03/meet-webpasswordsafe.html).

Thanks,
~Josh


On 07/27/2010 01:24 PM, Adam Carlson wrote:
Chris,
Here are some of the solutions we have been evaluating. I believe there has been a previous discussion on this list already as I got some of these from other Educause members so it may be worth searching the archives (the notes relating to EDUCAUSE members are from the previous discussion):

     * Cyber-Ark http://www.cyber-ark.com/
           o Selected Number One By Network World http://www.networkworld.com/reviews/2008/042808-access-control-test.html?page=1
     * E-DMZ http://www.e-dmzsecurity.com/tpam-ppm.html
     * Quest http://www.quest.com/
     * Symark/BeyondTrust http://www.beyondtrust.com/
     * Thycotic Secret Server http://www.thycotic.com/products_secretserver_overview.html (Russell Fulton EDUCAUSE Security)
     * Password Engine Password Manager Pro http://www.manageengine.com/products/passwordmanagerpro/ (Jon Hanny, CISSP The George Washington University, EDUCAUSE Security)

Based on my research, Cyber-Ark looks like a "Gold Standard" type product but has a price tag to match. I went to a vendor demo of this product and had the opportunity to talk to some current customers with large installations. They mostly seemed to like it minus a few quirks and it sounded like the vendor was rolling out some improvements that they had been requesting, which is a good sign from a customer support perspective.

The range in price on these products is huge so getting a better understanding of your specific functionality is important. If you're looking for a web-based or centralized KeePassX system, you can pay much less than Cyber-Ark. Some things that Cyber-Ark will give you that the cheaper options may not are the ability to detect password changes and actually re-sync passwords for you, allow users to RDP to a server through Cyber-Ark without ever actually knowing the password, provision more granular permissions with extensive auditing and federation, etc. We have not actually deployed Cyber-Ark so please don't take this as a full-fledged recommendation, but it will probably be the product that we go with as soon as I validate that we will actually use all of the additional functionality and have the time to put it in place.

-Adam

Chris Vakhordjian wrote:
Hello Everyone,

I recall a previous post regarding what universities/corporations are using for managing passwords, passwords to privileged or service accounts. Not necessarily tools for end-user support, such as password resets.
Some suggested Password Manager Pro as a good tool. Just curious what others might be using or would recommend.

Thank you,
Chris


