Educause Security Discussion mailing list archives
Re: Password Vaulting
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Mon, 13 Oct 2008 21:35:29 +1300
we use Thycotic's Secret server and are very happy with it. We address the availability issue by having two separate servers (in different campuses) and syncing the database every 5 minutes. The database is also backed up daily and could be restored to a laptop if need be (this is the ultimate disaster recovery scenario). The access to the webserver on which the app runs is controlled via Secureid. We provide this service to all IT groups on campus. We feel that this system is an order of magnitude more accurate and secure than the paper based system that it replaced. SS will now change passwords for you too (but we have not yet tested this). It will should make the 3 monthly change of root/administrator passwords *much* quicker. Russell On 7/10/2008, at 9:53 AM, Jerry Sell wrote:
We are trying to get electronic vaulting of root and root equivalent passwords in place. We are receiving kickback from upper management, because they are not comfortable with the technology. If you are currently using electronic password vaulting we would appreciate a response. We would like to know what product you are using, is it successful, any horror stories, would you recommend it to others. Thank you, Jerry Sell, CISSP Security Analyst Brigham Young University (801)422-2730 Jerry_Sell () byu edu
Attachment:
smime.p7s
Description:
Current thread:
- Password Vaulting Jerry Sell (Oct 06)
- <Possible follow-ups>
- Re: Password Vaulting Joseph Corey (Oct 06)
- Re: Password Vaulting Roberts, Chris (Oct 07)
- Re: Password Vaulting Dave Koontz (Oct 07)
- Re: Password Vaulting Roberts, Chris (Oct 08)
- Re: Password Vaulting Russell Fulton (Oct 13)