RE: Admin password management
- From: "Cisternas Marquez, Gonzalo" <gcisternas@xxxxxxxxxxx>
- Date: Wed, 20 May 2009 14:58:09 -0400
Maybe you can consider Onet Time Pasword?
Or any other centralized scheme for several servers passowrd management.
Atte.
G.C.
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
| _ |
| Campaña de cinta Ascii ( ) |
| - contra el correo X |
| HTML / \ |
| |
+-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+
-----Mensaje original-----
De: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] En nombre de mamo
Enviado el: Miércoles, 20 de Mayo de 2009 8:48
Para: security-basics@xxxxxxxxxxxxxxxxx
Asunto: Admin password management
Hi all.
I am responsible for the security of a small ISP. I need to manage the
admin password of all the machine of the ISP (around 200 system mainly
with linux, windows and solaris OS).
By admin user I mean stuff like root, oracle, Oracle sys, MSsql SA,
Bea admin password etc. We have a policy that require users to
authenticate with nominal username/password (and sudo on UN*X) but
there are situations where accessing with admin password is required,
but it is not acceptable to share the password with all the group that
work on IT Assurance activity.
I would like to have a product that:
- Log who take what password
- Log who change the password
- Permit to generate a new random password
- Have a "decent" security
- Permit to profile who can see what password (it is not mandatory)
- Permit to add a note to the activity (why the users had the need to
take the admin password)
I am looking for a product that will be used by around 50-100 people
that manage the ISP (not like keepass or password safe where the user
has the encrypted db with all the password on the PC).
I would appreciate to be able to do this activity with Open Source
product, but I can evaluate also commercial product.
Do you have any experience to share of product that match may description?
Thank you.
Mamo
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute
Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!
http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
- References:
- Admin password management
- From: mamo
- Admin password management
- Prev by Date: Re: Allowing access to social networking... securely?
- Next by Date: RE: Admin password management
- Previous by thread: Admin password management
- Next by thread: RE: Admin password management
- Index(es):
Relevant Pages
|
Loading
