Educause Security Discussion mailing list archives
Re: Password Storage
From: Brian Griffith <griffibw () WHITMAN EDU>
Date: Thu, 17 Nov 2016 22:40:21 +0000
We've been running Secret Server on AWS as something of a pilot program, for DR reasons. In our case, we're using local accounts (long story, but we can enforce a lot stronger password policy and 2 factor auth this way), so it's a standalone server - no need for AD, etc. So far I've been impressed with the responsiveness and the cost of running on AWS.

I was also able to negotiate quite a bit with Thycotic. I was very happy with the deal we ended up getting. We're just starting to get into some of the fancier Enterprise features, but so far I like it.

Brian W. Griffith
Information Security Officer
Whitman College
griffibw () whitman edu

On Thu, Nov 17, 2016 at 2:32 PM David Curry <david.curry () newschool edu> wrote:

Thycotic supports a "high availability" configuration with multiple web and database instances. We run ours with two instances, one in each data center (you can have more than that if you want). We run IIS and SQL Server on the same server in each instance, although you can split them up as well. There are actually a few different configuration options depending on your needs.

I suppose if you really wanted to you could put an instance in the cloud on AWS or something, although we have not tried this since we'd also have to put Active Directory and our two factor solution out there, which is more than we're prepared to do at present just for this.

There's also a mobile app that can keep an encrypted copy of all the secrets (passwords) and run in "offline" mode if you want to do that to cover the case of everything being down and you need console access to stuff.

--Dave

David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david.curry () newschool edu

Sent from my phone; please excuse typos and inane auto-corrections.

On Nov 17, 2016 16:51, "Thomas Carter" <tcarter () austincollege edu> wrote:

I’ve looked into Thycotic; does the “all in one basket” aspect concern you? A problem with the server (corruption / failure / etc) and you have no passwords? What DR options do you have with your vault?

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Curry
Sent: Thursday, November 17, 2016 9:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

We are also using Thycotic Secret Server and have been for four or five years now. We've had it in a "high availability" configuration (basically an active/passive failover configuration) for about three years. We don't use the automatic password change functionality (one of these days...), but we have a few dozen people from three different teams using the vault on a daily basis and it works quite well.

Support is always a pleasure to work with; I usually just do upgrades with one of their folks over a GoToMeeting screen share, and it goes smoothly. Integrating it with our two factor solution was easy as well (they have out-of-the-box support for pure RADIUS solutions like SecurID; our solution requires a little extra).

--Dave

--
DAVID A. CURRY, CISSP
DIRECTOR OF INFORMATION SECURITY
INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 212 229-5300 x4728 • david.curry () newschool edu

On Thu, Nov 17, 2016 at 10:18 AM, Jones, Justin <jucjones () iu edu> wrote:

My department, we use KeePass, it’s decent, but I personally use 1Password, and they have 1Password for teams now.

Justin Jones
VPR Information Technology Support (VPR IT)
Office of the Vice President for Research
IT Support Specialist – Team Lead
980 Indiana Ave
Office: 2214 Lockefield Village
317-274-8962

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Green
Sent: Thursday, November 17, 2016 10:09 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

Bill,

Are you allowing others on campus to use the personal version, or are you using the enterprise version for your campus?

Thanks,
-C.

Chris Green
Information Security Officer
University of Texas at Tyler
cgreen () uttyler edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Barnes, William
Sent: Thursday, November 17, 2016 9:00 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Storage

I’m personally using lastpass, and I’ve been recommending it to people here that ask for a password manager.

Thanks!
--Bill

*************************************************************************
* Bill Barnes, RHCE, CISSP
* Manager of Technology Support Services
* and Library Network Administrator
* Technology Support Services
* Bloomsburg University
* ph: 570-389-2813
* e-mail: wbarnes () bloomu edu
*************************************************************************

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Crider
Sent: Thursday, November 17, 2016 9:58 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Storage

Does anyone have any recommendations for password storage? We’re evaluating Keeper (which we’ve heard some disparaging things about their support), and Last Pass.

Thanks,
Kevin

--
Kevin Crider
Director, Enterprise Systems
Skidmore College
815 North Broadway
Saratoga Springs, NY 12866
518.580.5929
kcrider () skidmore edu