Re: Password Storage

From: slaX0r (NOSPAMPLEASEslaX0r@cvtelecom.com)
Date: 03/30/03 

From: slaX0r <NOSPAMPLEASEslaX0r@cvtelecom.com>
Date: Sun, 30 Mar 2003 17:41:36 GMT

In our case, our department is Data Security, and we hold all the passwords,
including the one to decrypt the database. Yes, HR has their own quirks,
but in general we control access to those systems too.

d wrote:

>
> "Reid Forrest" <NOSPAMreid@cvtelecom.com> wrote in message
> news:F_pga.46814$o8.865658@twister.tampabay.rr.com...
>> d wrote:
>> > I
>> > see two solutions: a) The Low Tech - Each department writes down the
>> > password(s), seals them in an envelope and sends it to Iron Mountain or
>> > another document storage company. Unfortunately, this could add hours
> to
>> > our recovery times. b) The High Tech - some sort of crypto-intranet
>> > server
>> > at our DR site. Unfortunately all the password management solutions
>> > appear to be a single PC/Single user design.
>> >
>>
>> I prefer the semi-low-tech way. I keep a CD with encrypted copies of a
>> password database, along with recovery documentation, DR plans, vendor
>> contacts, etc. at home and in my car. Other key department members store
>> CDs also, and as a last resort, there is a copy at Iron Mountain.
>>
>> This has worked very well so far. You just need to make sure that you
>> keep the CDs updated.
>
> Thanks for the feedback. I have a few questions though.
>
> Who has the Password to unencrypt the database? And if it is on CD, how
> do
> you audit if it has been accessed? What seperation exists? Exec
> Management does not want me or my staff to have the passwords to the
> Accounting or HR systems, nor they to have access to the Network passwords
> normally, but they want the ability to get at the passwords in the event
> of a Disaster. (Assume worst case scenario, it occurs during business
> hours and significant numbers of each department are incapacitated.)
>
> Thanks,
> Dave 

-- 
Remove the NOSPAMPLEASE from my address to send me mail.

Relevant Pages

  • Re: Pathname to access and usernames in shortcut
    ... >> network drive (for maintenance reasons initially, ... >> using usernames but no passwords. ... change their passwords within the access database (they won't know how ... >> gets the current username from the system and then calls access (via the ...
    (microsoft.public.access.security)
  • Re: security issues
    ... It was obviously never meant to be; multiple defences against it being ... The Ubuntu installer uses a framework called debconf to do ... when you're asking for passwords ... you take a lot of care to clean them out of the database ...
    (Ubuntu)
  • Re: Basic security questions
    ... > question be able to open the database in the appropriate view. ... > Isn't there any way to just set up users with passwords that are saved ... How would I specify a relative path for the ... The path to the workgroup file is defined in a shortcut in the format: ...
    (microsoft.public.access.security)
  • Re: Windows service
    ... if you know all of this why you recommend to Rotsey not to use Domain Security? ... It's easily cracked, doesn't have any metering on it to prevent brute force attacks, transmits the credentials to the database in plain-text, and doesn't integrate at all into the standard security infrastructure already being used by the organization. ... There's no default monitoring of the invalid password attempts, no automatic account lock-out, etc. There's a ton of documentation on this found on the web. ... It's one less set of passwords to remember, less configuration in the long run, fewer plain-text passwords floating around in email & config files. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Security Problem with Access 2000
    ... has the user names, personal ID's, and passwords. ... I backed up the database on a CD. ... If you have the report with the user information, then you should be able to open the database with that information. ... Make sure that you're using the correct workgroup file (the wizard normally creates a desktop shortcut; ...
    (microsoft.public.access.security)