[unisog] Password vaulting
r.fulton at auckland.ac.nz
Wed Feb 20 21:39:10 GMT 2008
we are using Thycotic's Secret Server: http://www.thycotic.com/products_secretserver_overview.html
and are very happy with it. Pice was order of $1000 dollars for the
software. It is still under active development and improving all the
time. We have been using it for two years.
We were going to implement our own but were short of programmer hours
and then we found SS and decided to implement it as a stop gap
measure. After the first upgrade we abandoned our plans to do it
ourselves. Thycotic have been responsive to our requests for new
On 20/02/2008, at 5:04 AM, Trevor Odonnal wrote:
> Hi all. I have been asked by management to do some asking around to
> see if anybody out there is currently using any sort of "password
> vault" solution to manage administrative privileges to secure systems.
> For those who may not be familiar with this term, a password vault
> is a system that vaults administrator or root passwords in either a
> physical vault, or electronic secure storage. When an individual
> needs root or admin access to a secure system, he or she must have a
> valid work order or change control number to request the access.
> The password is removed from the vault and provided to the
> individual for a specific amount of time. At the end of this time
> period, the password is changed and re-vaulted.
> The obvious question is "Why not just assign admin or root authority
> to the user's account?" That is the usual procedure. However,
> there are times when engineers need full root access to a system to
> perform their duties, or emergencies arrive when the privileges are
> needed right away.
> So, is anybody using a system like this? If so, what are you doing
> and how well is it working? What kinds of political issues have you
> had to deal with? Thanks in advance!
> Trevor O'Donnal CISSP, CCFS, GREM
> Network Security Analyst
> Brigham Young University
> (801) 422-1477
> trevoro at byu.edu
> unisog mailing list
> unisog at lists.dshield.org
More information about the unisog