Home page logo
/

basics logo Security Basics mailing list archives

Re: NOC password management
From: FocusHacks <focushacks () gmail com>
Date: Thu, 15 Mar 2007 08:07:25 -0500

I've seen encrypted text files with GnuPG.  This seems to be a common
way to do it.  You need to make sure that procedure is followed
regarding passphrase strength on each users' private key (or use the
same private key and passphrase for all users) as well as handling
cleartext.  The users should never save a clear copy of the document.

The above is a solution I've seen employed at several places I've
worked.  My current employer uses a homebrew solution that works
really well.  Unfortunately, I do not feel comfortable disclosing the
details, but it's no more nor less effective than the solution I
mentioned above.

On 3/14/07, List Subscriptions <lists.canuck.eh () gmail com> wrote:
As the security administrator I constantly get complaints from the
network admins about how hard it is to remember all the passwords.
What are the best practices for enterprise password management?  What
products are available?  They came to me with Mandylion labs password
management token ( http://mandylionlabs.com/).  Has anyone used this
product or have any insight into the best solution?

Thanks in advance



--
http://www.FocusHacks.com - The Ford Focus Modification Site!
http://www.focushacks.com/focushacks-gpg.txt - My GPG encryption key


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault