ccvision

Requirements for centralized password management

Well Secured?

Article from ADMIN 15/2013
Time and again, situations arise in which admins need access to a system they do not otherwise manage. But do you want to hand over responsibility for password management to centralized software? What capabilities must that software have?

Typing in login names and passwords has, for many years, been the most common form of authentication in IT environments with normal protection requirements. Alternatives such as tokens, smart cards, electronic cards, and various types of biometrics have not changed this. There is virtually no alternative to passwords: Low implementation costs, sufficiently high user acceptance, and the relative rarity of significant security incidents suggest that passwords are unlikely to become extinct in the near future.

Emergency password management covers situations in which third parties not directly involved in service operations need access to systems under exceptional circumstances to prevent greater damage. For example, the objective could be for a 24/7 security team to access compromised servers, even if the system administrator is not available.

In Case of Emergency

The classic solution to this problem is a list of passwords in a sealed envelope that is deposited in a vault and handed over when an emergency occurs. Conventional solutions like this, however, do not scale adequately: Larger organizations and data centers now need to deposit not just a handful but dozens or hundreds of passwords, and regular password changes are required not only by password policies based on ISO/IEC 27001 but also, for example, in case of staff changes.

Maintaining a stored list of passwords thus evolves from a subjectively annoying chore to an objective time waster. Migrating emergency password management to a centralized, server-based software solution that can be used from any workstation offers many benefits but also incurs many security risks, and because of its importance, the move needs to be well considered.

This article examines the opportunities and risks and derives specific selection criteria for centralized password management products. The practical implementation is discussed using the Leibniz

...