Government Security
Network Security Resources

Jump to content

Photo

Enterprise Password Management / Vault Software

- - - - - server network router tools audit
  • Please log in to reply
3 replies to this topic

#1 DaveAngry

DaveAngry

    Private

  • Members
  • 1 posts

Posted 30 July 2009 - 10:39 PM

Requirements
- Manage thousands of passwords
- Tie into LDAP / AD for authentication on the network
- Ability to specify WHO has access to certain passwords
- Audit history to prove the passwords have been changed to our auditors
- High availability
- Inexpensive

Nice to Have
-
Audit who accessed passwords and when
- Reporting on password strength and expired passwords, etc. Basically lots of pretty colorful things that management would enjoy looking at
- Ability to sync to an on-call laptop for off-site (disconnected) viewing of passwords in a secure way
- API support
- Feature to double check the servers / routers passwords to make sure they are in sync with the password mgmt software
- Feature to automatically change the password on the remote system when it's changed within the software


I've looked at some different solutions out there.

KeePass
Free, stand-alone, great for the smaller departments to use on their own. We use this right now. Doesn't meet all the new requirements.

Password Manager Pro v6.1
I'm working on a trial for this right now. It seems to have almost everything we're looking for and for a great price.

Liebertman Software - Random Password Manager
I'm still waiting to talk to a salesperson about this, but it may be another possible tool.


Does anyone else have any experience with a solution like this?

Thanks!

Dave

#2 Wildfarmer

Wildfarmer

    Private

  • Members
  • 2 posts

Posted 09 September 2009 - 05:06 AM

Hi, at work I am curently using a Joomla Version running on Ubuntu as OS
We have created a list within the functionality within a Joomla Template provided by funky-visions
Further we have added all passwords in to a big list, people can have access to certain parts of this list and you can see in the log file if you who access the passwords and when,

It's possible to createa php code as far as I know wich recalls mstsc with pregiven username or password.
Scanning trough the list for example you can organise it by selecting server names or applications or customers as Header of each field/table.

Hope this gives one possible solution...


#3 packet

packet

    Specialist

  • Sergeant Major
  • 649 posts

Posted 09 September 2009 - 06:44 AM

I've got some great solutions that meet all your requirements (except one) and go beyond them even. The one requirement they may not meet is inexpensive. But do take a look at Password Auto Repository by EDMZ, it adds everything you said plus it can act as a gateway for SSH and RDP such that the end user never needs to see a password. Plus it can record all actions taken and play them back which can really help out with compliance issues.

Then of course there is Cyber-ark which is also very good.

Worth looking at anyways even if they may be out of budget.
Abusus non tolit usum
The gopher is back!

#4 srobb3871a

srobb3871a

    Private

  • Members
  • 1 posts

Posted 06 April 2011 - 11:06 AM

>> Does anyone else have any experience with a solution like this?

Dave - we are using Secret Server (http://www.thycotic....r_overview.html) and it meets all the requirements you listed (depending on your definition of inexpensive :rolleyes:).

It manages thousands of our admin passwords, provides audit trails, audit history, fine grain permissions, API, AD integrated and automatically changes passwords.

We actually have Secret Server managing all the Windows local admin passwords for our servers and workstations on campus.

I think the total solution came in below $10k which is not bad given the size of our team and for enterprise-class software.
Sysadmin by day ... beer aficionado by night.





Also tagged with one or more of these keywords: server, network, router, tools, audit