Educause Security Discussion mailing list archives

Re: Password Vaulting


From: "Roberts, Chris" <c.roberts1 () IMPERIAL AC UK>
Date: Wed, 8 Oct 2008 10:18:24 +0100

Dear Dave,

 

ManageEngine's PMP has a high availability mode, which we use to keep an
offsite live copy running in case of a major failure onsite.  You can
also often run export / reporting on the entries to get a static file
dump of passwords for putting in your fire safe, etc.  Needless to say
that this then becomes another set of 'crown jewels' to protect.

 

Regards,

 

Chris

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dave Koontz
Sent: 07 October 2008 18:06
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Vaulting

 

I have been looking at similar software for a while now.  For those running
products like this, how do you ensure your passwords are always
available?  For instance, if the server running this application
crashes, what options do you have to get passwords to your other
systems?  Particularly if you have the software automatically changing
passwords on all the systems it maintains.


Roberts, Chris wrote ... (10/7/2008 12:41 PM): 

Dear Joseph,

 

We use ManageEngine's Password Manager Pro to centrally store and audit
administrative passwords.  We've been very impressed with the
functionality for the price. 

 

For example, we're using its APIs with our unattended server builds, to
ensure that the admin password is set at install time, and never
divulged to the administrator.  This ensures all use of the local admin
accounts is audited.

 

I'd be happy to give more details if it would help.

 

Regards,

 

Chris

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joseph Corey
Sent: 06 October 2008 22:13
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password Vaulting

 

Hi Jerry,

 

We've been using Enterprise Random Password Manager by Lieberman
Software for about eight months now and it has served our needs
wonderfully. They've made great strides with their most recent release.
It supports the storage and automatic randomization of Windows, Mac,
*nix, Cisco equipment, and many more passwords. They now support the
storage of the private key on an HSM module and support integration with
RSA OTPs. 

 

There are a few downsides like needing local admin rights on the server
to administer the Win32 app, but all of the password requests,
approvals, and retrieval happen through the website. You only need the
Win32 app when adding new accounts/passwords. 

 

If you have specific questions about the product or would like a contact
there, feel free to contact me off-list. 

 

 

Joseph T. Corey  MCSE, Security+ 
Systems Administrator
jcorey () cmu edu 

 

 

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jerry Sell
Sent: Monday, October 06, 2008 4:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password Vaulting

 

We are trying to get electronic vaulting of root and root equivalent
passwords in place. We are receiving kickback from upper management,
because they are not comfortable with the technology.

 

If you are currently using electronic password vaulting we would
appreciate a response. We would like to know what product you are using,
is it successful, any horror stories, would you recommend it to others.

 

Thank you,

 

Jerry Sell, CISSP

Security Analyst

Brigham Young University

(801)422-2730

Jerry_Sell () byu edu

 

 

 

-- 

 

Dave Koontz (MCSE/GCIH) 
Associate Director
Computer & Information Services
Mary Baldwin College
Email:  dkoontz () mbc edu
Phone: (540) 887-7399
 


<http://www.mbc.edu/> 

 

