Managing passwords is a daunting task. There is also the problem with IT shops using the same root or administrator password for several devices, despite warnings otherwise. On Monday, Lieberman Software is releasing a new version of Random Password Manager, adding features to incorporate RSA SecurID and Hardware Security Module.
Lieberman software is set to release a new version of Random Password Manager on Monday.(IMG;J.Anderson/Liebsoft.com)
It wasn’t too long ago that The Tech Herald spoke to Lieberman software during RSA. While it wasn’t the largest topic of debate at the conference, one of the issues discussed was authentication. Passwords can be a nightmare, especially if you have a massive IT environment and need to remember all of them.
This is often solved by assigning a common root password or administrator password to all devices. (Often these are long and sturdy passwords, but the issue is that they are the same for every server or desktop.)
According to Gartner Research Vice President Ant Allan, “In any organization, the use of every platform and device ultimately relies on superuser accounts, which are the most powerful in the organization. Although superuser accounts are indispensable in meeting continuity and availability needs, unless organizations make a disciplined effort to ensure these accounts are used appropriately, they become a shortcut for lazy administrators, putting systems at risk.”
What Random Password Manager does is continuously randomize local administrator and root account passwords on every system in the office or datacenter, and enables temporary recovery of current passwords via an audited web interface. The passwords are secured using AES-256 encryption in a SQL Server database, and SSL to the browser.
Random Password Manager will work with all Windows systems (desktop to server platforms), Linux, and UNIX systems too. It covers SQL Server and Oracle databases, and Cisco and Juniper hardware devices.
This solves the problem of keeping the same password across the network for administrator accounts, and likewise keeps the IT team from keeping a massive list of passwords on an internal site.
The new version, due Monday, will add the ability to interface with any Hardware Security Model (HSM) provided there is a PKCS #11 interface library provided. (http://en.wikipedia.org/wiki/Hardware_Security_Module) The new version will also add the ability to use RSA SecurID for dual layered authentication.
According to Lieberman, effective password management means that IT departments “…must be able to manage passwords across multiple, cross-platform systems, ensure that stored passwords are continuously synchronized with the target systems, and allow delegated users to quickly retrieve these passwords on demand,” said Chris Stoneff, product manager at Lieberman Software.
Solutions like Password Manager are often overlooked because of expense; the cost from Lieberman is about $30 per device with discounts offered to Enterprise. Again, IT shops deal with password management in the form of master lists, or keeping the same password across the board.
If your company does this, and you want to try something different, it wouldn’t hurt to download the 30-day trial.
http://www.liebsoft.com/index.cfm/products?id=276
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story