[unisog] Password vaulting

Russell Fulton r.fulton at auckland.ac.nz
Wed Feb 20 21:39:10 GMT 2008


We are using Thycotic's Secret Server: http://www.thycotic.com/products_secretserver_overview.html
and are very happy with it. Price was on the order of $1000 for the
software.  It is still under active development and improving all the
time.  We have been using it for two years.

Highly recommended!

We were going to implement our own but were short of programmer hours  
and then we found SS and decided to implement it as a stopgap
measure.  After the first upgrade we abandoned our plans to do it
ourselves.  Thycotic have been responsive to our requests for new  
features.

Russell

On 20/02/2008, at 5:04 AM, Trevor Odonnal wrote:

> Hi all.  I have been asked by management to do some asking around to  
> see if anybody out there is currently using any sort of "password  
> vault" solution to manage administrative privileges to secure systems.
>
> For those who may not be familiar with this term, a password vault  
> is a system that vaults administrator or root passwords in either a  
> physical vault, or electronic secure storage.  When an individual  
> needs root or admin access to a secure system, he or she must have a  
> valid work order or change control number to request the access.   
> The password is removed from the vault and provided to the  
> individual for a specific amount of time.  At the end of this time  
> period, the password is changed and re-vaulted.
>
> The obvious question is "Why not just assign admin or root authority  
> to the user's account?"  That is the usual procedure.  However,  
> there are times when engineers need full root access to a system to  
> perform their duties, or emergencies arrive when the privileges are  
> needed right away.
>
> So, is anybody using a system like this?  If so, what are you doing  
> and how well is it working?  What kinds of political issues have you  
> had to deal with?  Thanks in advance!
>
> Trevor O'Donnal CISSP, CCFS, GREM
> Network Security Analyst
> Brigham Young University
> (801) 422-1477
> trevoro at byu.edu
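The check-out cycle described in the quoted question (ticket required, time-limited release, password changed and re-vaulted at expiry), sketched as an added example. It is not from either poster and does not represent Secret Server; the class, method names, and ticket format are hypothetical, and the store is an in-memory toy.

```python
import secrets
import time

class PasswordVault:
    """Toy in-memory model of the check-out / rotate / re-vault cycle."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._secrets = {}   # system -> current password
        self._leases = {}    # system -> (user, ticket, expiry)
        self.audit = []      # (timestamp, event, system, user, ticket)

    def enroll(self, system):
        self._secrets[system] = secrets.token_urlsafe(24)

    def _log(self, event, system, user, ticket):
        self.audit.append((self._clock(), event, system, user, ticket))

    def expire_leases(self):
        # At the end of the lease the password is changed and re-vaulted.
        # A real vault would also set the new password on the target system.
        for system, (user, ticket, expiry) in list(self._leases.items()):
            if self._clock() >= expiry:
                self._secrets[system] = secrets.token_urlsafe(24)
                del self._leases[system]
                self._log("rotated", system, user, ticket)

    def check_out(self, system, user, ticket, ttl_seconds):
        self.expire_leases()
        password = self._secrets[system]  # KeyError for unknown systems
        if not ticket:
            self._log("denied-no-ticket", system, user, ticket)
            raise PermissionError("work order or change control number required")
        if system in self._leases:
            self._log("denied-in-use", system, user, ticket)
            raise PermissionError("password is already checked out")
        self._leases[system] = (user, ticket, self._clock() + ttl_seconds)
        self._log("checked-out", system, user, ticket)
        return password

def demo():
    now = [0.0]  # constructed clock so expiry can be shown without sleeping
    vault = PasswordVault(clock=lambda: now[0])
    vault.enroll("db01")
    first = vault.check_out("db01", "alice", "CHG-1001", ttl_seconds=3600)
    now[0] = 3601.0  # lease has lapsed; the next request triggers rotation
    second = vault.check_out("db01", "bob", "CHG-1002", ttl_seconds=600)
    return first != second, [event[1] for event in vault.audit]
```

The audit list is what answers "who had root, when, and under which change number" after the fact.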