« Previous 1 2 3 4
Requirements for centralized password management
Well Secured?
Guidelines for Permissions
The default permissions for new password entries also should be preconfigured. For example, you might want to grant all members of the operating team full access and grant the security team read permission for all new password entries in the "Mail Server" section. It should be possible to import the necessary group permissions, including read identifiers from Active Directory, so you can manage group memberships in one place. Automated sealing prevents race conditions when creating new password entries and keeps this important step from being forgotten.
Permissions should be of a temporary nature for situations in which someone assumes the responsibilities of another; otherwise, the risk is that someone assigned temporary privileges actually keeps them forever. As with any other software, two further selection criteria must be considered: The password management tool must be easy to operate, so you need to find a compromise between efficiency for power users who are constantly working with the tool and intuitive controls for casual users who might only need to deposit their changed passwords once a quarter. Additionally, the total cost of ownership for the password management solution – including hardware, software, administration, ongoing operation, and commercial support – must be appropriate to your organizational framework and objectives.
Conclusions
Organization-wide, centralized password management has many advantages, but it often meets with skepticism from administrators who are asked to deposit their credentials. The number of passwords that need to be accessible to several people can be minimized, but completely avoiding password sharing is difficult.
The transition from purely personal password management or offline methods, such as sealed envelopes in a vault, to an organization-wide password management tool must be well planned.
The biggest advantage of server-based solutions is reliable alerting for the person responsible if passwords are accessed in exceptional circumstances. However, you should not underestimate the overhead involved, for example, in configuring the folder structure, permissions, and default email alerts.
Infos
- PSE: http://www.passwordsafe.de/en/home.html
- KeePass: http://www.keepass.info
- KeePassX: http://www.keepassx.org
« Previous 1 2 3 4
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Centralized Password Management
Time and again, situations arise in which admins need access to a system they do not otherwise manage. But, do you want to hand over responsibility for password management to a centralized software? What capabilities must that software have?
-
Lithnet Password Protection for Active Directory
Lithnet Password Protection for Active Directory provides flexible rules beyond that possible with group policies alone and prevents the use of previously compromised passwords. -
Test your system to help fight phishing attacks
The Gophish phishing framework lets you set up your own phishing campaigns to identify vulnerabilities and make users aware of these dangers. -
New versions of the Endian and Sophos UTM solutions
UTM systems combat all kinds of dangers under the policy of Unified Threat Management. The demands and expectations of customers fuel competition. Two of the most popular manufacturers – Endian and Sophos – have now released new versions of their solutions. -
Save money with Samba as the domain controller on a legacy Windows NT-style domain
Samba can act as a PDC or BDC on a Windows NT4-style domain. Compared with a Windows-only solution, Samba saves money on licensing, and users can log in from Linux or OS X.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
