#
 

“Envelope Technology” and the Story of the “Never-Changing Password”

January, 2008

Oded Valin

Sometimes when I look at envelopes, I understand technology. When I was a college student, I worked in the computer server room where we had a secret lockbox full of envelopes.
Every time I had to upgrade a database or create a new user, I remember looking for the correct envelope (will it be this yellow one or this blue one?). After I found it, I went happily to the designated server.
You can imagine how disappointed I was when I went to the Windows server or to the Unix server, typed the password stored in the envelope, and got “Username and password do not match” or “The system could not log you on. Make sure your user name and domain are correct.”
Imagine yourself on a cold night, all you want to do is finish this shift and you can’t. Just because someone forgot to update the password in the envelope!
In another company where I worked, we didn’t have envelopes. However, any employee who had worked there during the previous four to five years could come whenever he wanted (and I mean any year that he wanted ... ) and type the “standard” password – Password? The name of the company? Top secret? Admin? Q1w2e3? And like magic, they were in with the most powerful permissions.
Standard passwords become widely known to every worker, vendor and technician who visits your company; I assume you wouldn’t let this happen in your own home, would you?
Well, in a world where we don’t have extra time and everything is automatic, why should we waste time managing administrative passwords manually?
What should you look for in a password-management system?
• You want it to be safe and secure. These are the most powerful passwords in the organization; you don’t want them stored in an Excel file or in an Access database. Just imagine what could happen if someone accessed the local administrator password for the Active Directory or the Web server?
• Full integration with your organization. Many companies can write a nice application to store passwords in an Access database, but you need much more than this. For example: backup integration (Veritas, Backup Exec, etc.); monitor integration (HP OpenView, Tivoli, etc.); transparent user management (LDAP integration, user’s point of view, etc.) – you don’t want to redefine all the IT department users again.
• Automatic synchronization. Machines are added and removed from the network on a daily basis. You want a system that can automatically reflect these changes.
• “2 clicks to a password” Web interface. In the end, your IT department will need to use these administrative passwords quite often; it should be easy for them to access them.
• Full audit. You, as a manager, want to know exactly who used the last root password. Who used the administrative password of the CEO laptop? Who took the emergency password of the mainframe? You must comply with regulations, and you should ask for state-of-the-art security software that will store the audit trails.
• Disaster recovery. You are going to store keys to your most sensitive and important data; you had better have a robust disaster recovery component.
• Automatic change of passwords. Regulations force you to change your passwords every 30 days. This means the end of the manual era.
You need a password-management system to change the local administrator passwords on the 10,000 desktops that you have, as well as the entire set of Unix servers’ root passwords.
In addition, I recommend the following devices as a comprehensive list of supported platforms that password-management systems should support:
• High availability. Dealing with the most sensitive passwords in your organization, you want the password-management system to provide maximum availability to the enterprise and ensure business continuity.
• Management dashboard. You, as a manager, should be able to see a real-time snapshot of administrative passwords and privileged account usage. The dashboard should include a group of different charts that graphically display your compliance with policies, usage status and, of course, anomaly activities.
• Hard-coded passwords. Many scripts contain hard-coded passwords. These scripts are not secured, and they contain the password in plain text.
Any “new employee” can look at these scripts and take the passwords to “explore their limits.” You need a component in the password-management system that will solve this problem and integrate easily with your application server.
• Distributed architecture. You probably have more than two network areas, so your password-management system should have centralized management with the ability to change passwords on a distributed network, without needing to redesign your entire network structure.
• Proven enterprise class scalability. Check that enterprises such as yours are totally satisfied with their chosen solution.
I hope I’ve helped you understand what a password-management system should look like.

Oded Valin is a regional sales engineer for Cyber-Ark Software. He can be reached through its Web site (www.cyber-ark.com).


#