Security Basics mailing list archives

RE: NOC password management


From: "Cornwell, Kay (NIH/NIGMS) [E]" <CornwelK () nigms nih gov>
Date: Wed, 14 Mar 2007 19:20:11 -0400

If you have some money, this system has lots of promise.  We've got it
but have not finished implementation.


http://www.e-dmzsecurity.com/

Look at PAR - hardware-based system
Can automatically change AD system/resource passwords
If you authorize someone access to an account, they can sign in and
retrieve a password - you can then have the password on the device
change (think it will also do UNIX) so essentially you have a one-time
password.

An automated, appliance-based solution
Automatically generates, updates, and checks admin passwords
Contains a dual-control release mechanism for regulatory compliance
Protects passwords during transmission and while in storage
Ubiquitous, secure password accessibility
Secure File Storage & Release Controls

I don't usually deal with the financials - so I don't know how much it
costs, but for a medium to large environment I expect it would pay for
itself very quickly.

Kay Cornwell, MS, GSEC, GSLC, GSAE
NIGMS ISSO
NIH
Bethesda, MD




-----Original Message-----
From: List Subscriptions [mailto:lists.canuck.eh () gmail com] 
Sent: Wednesday, March 14, 2007 10:20 AM
To: security-basics () securityfocus com
Subject: NOC password management

As the security administrator I constantly get complaints from the
network admins about how hard it is to remember all the passwords.
What are the best practices for enterprise password management?  What
products are available?  They came to me with Mandylion labs password
management token (http://mandylionlabs.com/).  Has anyone used this
product or have any insight into the best solution?

Thanks in advance

