Overcoming the Perils of Password Sharing
Doug Wood
#ISUCIT


Administrative passwords are literally ‘aplenty’ in the enterprise. They are mostly shared insecurely and lie scattered across the enterprise, leaving little scope for any internal controls. Though the security and operational problems caused by shared administrative passwords are obvious, no organization can afford to eliminate them altogether. This session presents Password Manager Pro, an effective way to meet this challenge, and its importance as a Shared Account Password Management system.

Challenge of Shared Passwords

  • Administrative passwords are omnipresent and are used to sustain operations in servers, network devices, databases, and other applications where privileged access is required.
  • As an institution, we have many of these administrative privileged accounts used in shared environments. That means a group of administrators may use a common privileged account to access a particular resource, so these accounts are accessible to all the members of the team.
  • It is always good to avoid sharing administrative passwords.
  • Practical needs of the university require selective sharing of administrative passwords without compromising security.

Traditional Password Management

  • Passwords may be maintained in text files, spreadsheets, homegrown tools, or physical vaults.
  • Using these types of methods leads to unintended sharing of passwords: developers having full access to database passwords, the UNIX administration team having full access to Windows passwords, and so on.

Security Threats and Drawbacks

  • It is common for administrators to assign familiar words or short phrases as passwords, for ease of use.
  • When the password of a resource is changed without close cooperation among administrators, daily operations could be affected.
  • If a text file or spreadsheet containing shared administrative passwords reaches the hands of a malicious party, data security and the reputation of the institution could be adversely affected.
  • Who has access to what resources? The traditional password management approach has no provision for this.

Shared Account Password Management

Password Manager Pro is an on-premises, web-based Shared Account Password Management solution that controls access to the shared administrative passwords and privileged accounts of any resource. It enables IT administrators to enforce standard password management practices: maintaining a central repository of passwords, using strong passwords, and controlling access to these shared administrative passwords and privileged accounts.

Password Manager Pro Access Roles

Password Manager Pro is accessed with an Active Directory user id, and each user is assigned an access role. The access role defines the operations that can be performed.

  • Administrator: manages the PMP application and performs all the resource and password operations. Administrators only see resources and passwords they created and the passwords that are shared with them by others.
  • Password Administrator: performs all the resource and password operations within the resource groups assigned to them. Password Administrators only see resources and passwords they created and the passwords that are shared with them by others.
  • Password User: only sees passwords that are shared with them by an Administrator or Password Administrator.
  • Password Auditor: same privileges as Password User, with the addition of access to audit records and reports.

The number of Administrators and Password Administrators is limited by licensing. There is no restriction on the number of Password Users.

Password Manager Pro Home Page

Resources and Passwords

  • Resources are shared administrative passwords or privileged accounts used in servers, databases, network devices, applications, service accounts, etc.
  • Passwords may either be displayed or copied to the clipboard to be pasted into the password field of an SSH or RDP terminal session.

Resource Groups

  • Resources may be grouped together for easier management.
  • The groupings can be done by specifying criteria, so that when a new resource is added it becomes part of that group.
  • Resource groups may be shared with other users or user groups.
  • Users who have shared access to the group can see the passwords of the resources within the resource group.
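The visibility rules from the access-role and resource-group slides, worked through as an added example that is not part of the presentation and is not Password Manager Pro code or its API. It answers the "who has access to what" question for a constructed set of users and resources; all names, the `kind` attribute, and the attribute-match form of group criteria are assumptions made for illustration.

```python
# Added illustration: simplified model of the visibility rules on these slides (not PMP code).
from dataclasses import dataclass, field

CREATOR_ROLES = {"Administrator", "Password Administrator"}  # roles that can own resources

@dataclass
class Resource:
    name: str
    kind: str                                        # hypothetical attribute, e.g. "Linux"
    created_by: str
    shared_with: set = field(default_factory=set)    # users the password is shared with directly

@dataclass
class ResourceGroup:
    name: str
    criteria: dict                                   # assumed form: attribute -> required value
    shared_with: set = field(default_factory=set)    # users the whole group is shared with

    def contains(self, res):
        # Criteria-based membership: a newly added resource that matches joins the group.
        return all(getattr(res, k) == v for k, v in self.criteria.items())

def visible(user, role, resources, groups):
    """Names of resources whose passwords `user` can see under the stated rules."""
    seen = set()
    for res in resources:
        if role in CREATOR_ROLES and res.created_by == user:
            seen.add(res.name)                       # resources the user created
        elif user in res.shared_with:
            seen.add(res.name)                       # shared directly
        elif any(user in g.shared_with and g.contains(res) for g in groups):
            seen.add(res.name)                       # shared through a resource group
    return seen

def access_report(users, resources, groups):
    """Who has access to what: resource name -> list of users who can see its password."""
    report = {r.name: [] for r in resources}
    for user, role in sorted(users.items()):
        for name in visible(user, role, resources, groups):
            report[name].append(user)
    return report

# Constructed sample data
USERS = {"alice": "Administrator", "bob": "Password Administrator",
         "carol": "Password User", "dave": "Password Auditor"}
RESOURCES = [Resource("db01", "MSSQL", "alice", {"carol"}),
             Resource("web01", "Linux", "bob"),
             Resource("web02", "Linux", "alice")]
GROUPS = [ResourceGroup("linux-servers", {"kind": "Linux"}, {"carol", "dave"})]
```

Calling `access_report(USERS, RESOURCES, GROUPS)` shows that a single group share exposes every matching resource, including ones added later, which is the effect to review when sharing a criteria-based group.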

Password Manager Pro Access

How do I get PMP? If you want to obtain access for your support group, you will need to do the following:

  • Contact the AT Business Office to request a PMP administrator license.
  • Submit a Cherwell ticket to AT ION Infrastructure Apps requesting access for your support group.
  • A PMP Administrator from AT ION Infrastructure Apps will then contact you to schedule a time to set up, configure, and provide more detailed documentation.

Questions
