[unisog] Password vaulting
Buhrmaster, Gary
gtb at slac.stanford.edu
Tue Feb 19 17:35:45 GMT 2008
> Hi all. I have been asked by management to do some asking
> around to see if anybody out there is currently using any
> sort of "password vault" solution to manage administrative
> privileges to secure systems.
I once encountered a low tech solution. A sealed envelope
in the datacenter inside a box stored in a well known location
(along with a copy of other recovery procedures and
documentation, such as contacts, contract numbers, etc.)
During those days of a 24/7 operations staff, it was simple
to have control over access, and a process to change the
password and place the new password back into a new sealed
envelope. Including humans (rather than just technology)
in the loop was necessary at the time, but I recommend it
today (as humans can make judgement calls as to when
procedures should be damned). I have no idea if that
datacenter still has 24/7 staffing (I doubt it), nor if
they still use a similiar approach (again, probably not).
Gary
More information about the unisog
mailing list