Re: Password Vaulting

[Dave Koontz <dkoontz () MBC EDU>]

I have been looking similar software for a while now.  For those running
products like this, how do you ensure your passwords are always
available?  For instance, if the server running this application
crashes, what options do you have to get passwords to your other
systems?  Particularly if you have the software automatically changing
passwords on all the systems it maintains.


Roberts, Chris wrote ... (10/7/2008 12:41 PM):
> Dear Joseph,
>
>
>
> We use ManageEngine's Password Manager Pro to centrally store and
> audit administrative passwords.  We've been very impressed with the
> functionality for the price.
>
>
>
> For example, we're using its APIs with our unattended server builds,
> to ensure that the admin password is set at install time, and never
> divulged to the administrator.  This ensures all use of the local
> admin accounts is audited.
>
>
>
>  I'd be happy to give more details if it would help.
>
>
>
> Regards,
>
>
>
> Chris
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Joseph Corey
> *Sent:* 06 October 2008 22:13
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* Re: [SECURITY] Password Vaulting
>
>
>
> Hi Jerry,
>
>
>
> We've been using Enterprise Random Password Manager by Lieberman
> Software for about eight months now and it has served our needs
> wonderfully. They've made great strides with their most recent
> release. It supports the storage and automatic randomization of
> Windows, Mac, *nix, Cisco equipment, and many more passwords. They now
> support the storage of the private key on an HSM module and support
> integration with RSA OTPs.
>
>
>
> There are a few downsides like needing local admin rights on the
> server to  administer the Win32 app, but all of the password requests,
> approvals, and retrieval happen through the website. You only need the
> Win32 app when adding new accounts/passwords.
>
>
>
> If you have specific questions about the product or would like a
> contact there, feel free to contact me off-list.
>
>
>
>
>
> *Joseph T. Corey  */MCSE, Security/+
> *Systems Administrator*
> *jcorey () cmu edu <mailto:jcorey () cmu edu> *
>
>
>
>
>
>
>
> *From:* The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Jerry Sell
> *Sent:* Monday, October 06, 2008 4:53 PM
> *To:* SECURITY () LISTSERV EDUCAUSE EDU
> *Subject:* [SECURITY] Password Vaulting
>
>
>
> We are trying to get electronic vaulting of root and root equivalent
> passwords in place. We are receiving kickback from upper management,
> because they are not comfortable with the technology.
>
>
>
> If you are currently using electronic password vaulting we would
> appreciate a response. We would like to know what product you are
> using, is it successful, any horror stories, would you recommend it to
> others.
>
>
>
> Thank you,
>
>
>
> Jerry Sell, CISSP
>
> Security Analyst
>
> Brigham Young University
>
> (801)422-2730
>
> Jerry_Sell () byu edu <mailto:Jerry_Sell () byu edu>

--



*Dave Koontz* (MCSE/GCIH)
Associate Director
Computer & Information Services
*Mary Baldwin College*
Email:  dkoontz () mbc edu
Phone: (540) 887-7399


<http://www.mbc.edu/>