Security Basics mailing list archives
Re: Password Storage
From: guhus () hotmail com
Date: 2 Aug 2006 02:48:14 -0000
Hi doug, nice try with this. It's a real common problem to all security people involved and a big Dilema too. It's some kind of Who was the first, the chicken or the egg? =) Well, in my company we resolved this with two procedures: The first one is: some kind of locker where all passwords resides in. Only one is responsible of that documentation /locker combination. This problem has the disadvantages if the person in charge died. In that case, what we do? Do we call to the locksmith? I don't think so. But it's useful in some cases. The second one and more suitable as responsible of the security is using encrypted pendrives. ( look at truecrypt dot org ) Of course, if I die, We can't call to anyone (RSA 1024 keys has not been broken, if I'm sure). Also this, depends on a password ( and it could be in the locker too =) Anyway, there are a lot of useful tools to perform this task. I used truecrypt because It's flexible, robust, open source, fast and for mobile users, indeed. And always exists a grade of trust with your partners. Hope this helps. salu2.. GUs-XP --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Re: Password Storage, (continued)
- Re: Password Storage PCSC Information Services (Aug 02)
- Re: Password Storage Devdas Bhagat (Aug 02)
- Re: Password Storage Rob klein Gunnewiek (Aug 02)
- Re: Password Storage Robert Larsen (Aug 02)
- Re: Password Storage Ayaz Ahmed Khan (Aug 03)
- RE: Password Storage Nicholas Fanelli (Aug 02)
- Re: Password Storage Greg Merideth (Aug 03)
- Re: Password Storage Saqib Ali (Aug 04)
- Re: Password Storage Glenn English (Aug 03)
- Re: Password Storage Kenton Smith (Aug 03)
- Re: Password Storage guhus (Aug 02)
- Re: Password Storage info (Aug 02)
- Re: Password Storage c . brace (Aug 02)
- Re: Password Storage Needs More Longcat (Aug 03)
- RE: Password Storage Del Thompson (Aug 02)
- RE: Password Storage Dunigan, Michael (Aug 03)
- RE: Password Storage Krpata, Tyler (Aug 03)
- Re: RE: Password Storage krymson (Aug 03)
- Re: Re: Password Storage mail (Aug 03)
- Re: Password Storage Doug W (Aug 04)
- What to look in IIS Logs on daily basis Bhattacharya, Ananda (Aug 04)
(Thread continues...)