[unisog] Password Vaults

vijay at ericavijay.net
Tue Oct 7 03:33:56 GMT 2008


Take a look at Cloakware, which is a good product.  It has many API 
capabilities to do what you desire.

HP OO is an automator tool (expensive for license) but includes a password 
vault application.

The idea should be to provide access to the Password Vault application 
itself through a two factor authentication system.
Do all the required policy & process controls to ensure it will not be 
abused.  Every security plan includes pPT - people
(assume less reliable because they are more talented - therefore a small p) 
& Process and Technology.


Regards
Vijay

----- Original Message ----- 
From: "Trevor Odonnal" <trevoro at byu.edu>
To: "UNIversity Security Operations Group" <unisog at lists.dshield.org>
Sent: Tuesday, October 07, 2008 1:54 AM
Subject: [unisog] Password Vaults


> We are in the process of suggesting the use of an electronic password 
> vault solution to manage access to root and administrator passwords for 
> servers, network devices, etc.  Our hope is to have the software manage 
> the passwords in such a way that the custodian doesn't need to see the 
> password at any time.  Specifically, we are looking for the following 
> features:
>
> 1. The software stores the password in an encrypted format
> 2. The software changes the password automatically when it is checked back 
> in to the vault
> 3. Users must follow a clear approval procedure with oversight before 
> being granted access to the password.
> 4. And of course, logging.
>
> There are other things we are looking for but these are the main 
> requirements.  The problem we are having is convincing upper management 
> that the technology is mature enough to be trusted with this kind of role. 
> They are concerned as to what might happen should the vaulting solution 
> fail in some way and we have no way to access the systems.
>
> So my question is, have any of you implemented anything along these lines? 
> If so, how is it working for you?  How is the stability and reliability of 
> the solution you implemented?  Do you have concerns about system failure? 
> Thank you in advance to all who respond.
>
> --------------------------------------
> Trevor O'Donnal CISSP, CCFS, GREM
> Network Security Analyst
> Brigham Young University
> (801) 422-1477
> trevoro at byu.edu