Security Basics mailing list archives

Re: admin account password management


From: Alexander Klimov <alserkli () inbox ru>
Date: Thu, 10 Feb 2005 13:41:58 +0200 (IST)

On Tue, 8 Feb 2005, Lars Weste wrote:
> Developing a password policy, I'm wondering which rules you have to
> secure admin level accounts on a bunch of client hosts and other hardware
> like switches or disk storage. More or less I came across three
> solutions:
> 1. Define classes of admin level accounts for devices and client hosts
> depending on their security. Define a password for every class and use
> that password on any device in that class.
> 2. Define classes of admin level accounts for devices and client hosts
> and define one or more password generation rules depending on the classes
> of the account, and generate different passwords for each device according
> to the rules of each class of device.
> 3. Define for any admin account on any device and client host an
> independent and strong password.
>
> Just looking at the passwords, point 3, independent ones, seems most
> secure, but also most cumbersome to the administrator.
>
> So I'm just wondering whether someone can share some practical experiences?

Note that in some (most?) situations you can't gain much by going from
1 to 2: if an attacker finds the password for one device and the rules
are obvious (as they are likely to be, since they are supposed to be
followed by humans, e.g., pass-pc1 for pc1 and pass-pc2 for pc2), he will
figure out the passwords for all other such devices.

I think that 3 is the only secure option (frankly, I have seen only one
organization which uses it), and it is not that cumbersome to the
administrator, since above some number of device classes he can no
longer rely on his memory and has to write the passwords down anyway.

In real life, organizations use an even simpler policy (which does not
mean that the policy is written down, or even honored enough to be thought
about :-) -- there is only one (simple, easily remembered) password
which is known to all IT staff and used for all the devices.

-- 
Regards,
ASK
