Security Basics mailing list archives
Re: NOC password management
From: "Ryan Chow" <rynchow () gmail com>
Date: Thu, 15 Mar 2007 10:36:32 +1100
Firstly, common to all solutions is ensuring:

- Ability to audit the process - that is, knowing who accessed the password(s) and when.
- Password Management Policy - how long passwords are valid for, complexity requirements, reset procedures, what happens when an Administrator leaves.
- Access control - processes to grant and restrict access to password storage.

I've not seen a software-based solution in place. However, in such a solution I would be looking closely at ensuring that the password data is encrypted at rest and the machine is physically secured when not needed (in a safe). As loss of the password database would be problematic to say the least!

I've seen paper-based solutions where all passwords are stored in a safe, each in tamper-evident envelopes and written down. Access is controlled physically to the machines that are administrated and to the safe. Auditing is made more difficult unless access can be logged from the safe.

On 3/15/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
As the security administrator, I constantly get complaints from the network admins about how hard it is to remember all the passwords. What are the best practices for enterprise password management? What products are available?

They came to me with Mandylion Labs password management token (http://mandylionlabs.com/). Has anyone used this product or have any insight into the best solution?

Thanks in advance