Saturday, 6 August 2011

Victims of Poor Password Management and How You Can Defend Yourself

By Mark Sandford


What is Password Management, and why is it necessary? We regularly hear the term 'Password Management', but rarely consider why we need it or what it really means. In simple terms, Password Management means controlling, reporting on and securing access to the privileged passwords that are used to gain entry to IT systems. Why is it essential? The results of poor password management and insecure systems are all too evident in the press recently, with thousands of password breaches at Sony's PlayStation Network, Gawker Media's sites, RockYou.com and possibly LastPass. When selecting your own Password Management software platform, the following features should be considered so your organization does not also become a victim.

Password Encryption

When viewing the raw data in the database, all passwords and other sensitive information should be encrypted using industry-standard strong encryption such as AES with a 256-bit key. Ensuring this sort of information is encrypted means the data is effectively useless to hackers who gain access to it. A further way to obscure the raw data is to ensure that the encrypted values of two identical passwords do not look the same.

Prevent Unauthorized Access via the Backend

It is essential to guard the backend database, to ensure that users or hackers cannot grant themselves access by manipulating data in the database. If such manipulation does happen, the frontend of your Password Management system should alert administrators to the tampering and stop further use until the problem has been investigated and remedied.
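The two points above, encrypted storage where identical passwords never produce identical stored values and detection of rows edited behind the application's back, can both be had from one authenticated cipher. This is an added example in Go's standard library, not code from the article or from any product it mentions; the record-id binding and the fixed demo key are assumptions of the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Vault wraps AES-256-GCM; in production the key comes from a KMS or HSM.
type Vault struct{ aead cipher.AEAD }

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Encrypt prefixes a fresh random nonce, so identical passwords never share a
// stored value, and binds the record id as associated data against row swaps.
func (v *Vault) Encrypt(recordID string, password []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, password, []byte(recordID)), nil
}

// Decrypt fails, rather than returning garbage, if the stored bytes were altered.
func (v *Vault) Decrypt(recordID string, stored []byte) ([]byte, error) {
	n := v.aead.NonceSize()
	if len(stored) < n {
		return nil, fmt.Errorf("stored value too short")
	}
	return v.aead.Open(nil, stored[:n], stored[n:], []byte(recordID))
}

func main() {
	v, _ := NewVault([]byte("0123456789abcdef0123456789abcdef")) // constructed demo key
	a, _ := v.Encrypt("row-1", []byte("Winter2011!"))
	b, _ := v.Encrypt("row-1", []byte("Winter2011!"))
	fmt.Printf("distinct stored bytes: %v\n", string(a) != string(b)) // true
}
```

A Decrypt error on a row that previously decrypted is the tampering signal the frontend should turn into an administrator alert and a lock-out of that record.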

Prevent Unauthorized Access via the Front end

Just as with protecting the backend, the frontend of your Password Management system must also have suitable controls in place to prevent unauthorized access. Authentication to your Password Management system should ideally tie into an existing directory service such as Active Directory or similar. Only once you are authenticated against the directory service can you authenticate against your Password Management system. Some form of secondary authentication is also recommended, in case the directory service account has been breached.

Authorized Access Control

Once you are inside your Password Management system, adequate access control should be available and in place so users cannot gain access to information they are not meant to see. Your Password Management system should be role-based, providing greater flexibility over who can administer the system and who can modify the data.

Secure Transmission over the Network

There is no point securing the backend database and controlling access via the frontend if passwords are transmitted around the network in an insecure fashion. The majority of good Password Management systems are web based, which means the web server should be further secured by configuring the web site to use an SSL certificate. This SSL certificate encrypts all traffic between the user's desktop browser and the web server, which ensures anyone probing the network cannot 'sniff' the sensitive data.

Audit all Activities

Even if the frontend of your Password Management system were breached, it is important to track all activities that occur within the system, including the source IP address of the computer from which the activity was initiated. Ideally most activities within your system should be logged and audited regularly.

Alerts for Unauthorized Access

In addition to regularly reviewing the audit logs of your Password Management system, it is essential that real-time alerting is available for unauthorized access, providing the relevant people with enough information to investigate the potential breach.
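One way the audit trail from the previous section feeds the real-time alerting asked for here: replay the events, keep the denied actions per source IP inside a sliding window, and raise an alert carrying the IP, the count and the time span. This is an added example, not code from the article or any product; the event fields, the threshold and the window are assumptions of the example.

```go
package main

import (
	"fmt"
	"time"
)

// AuditEvent is one entry of the password-management system's audit trail; the
// source IP is recorded for every activity, as the article recommends.
type AuditEvent struct {
	At             time.Time
	User, SourceIP string
	Denied         bool // true when the action was refused by access control
}

// Alert names a source IP with at least maxDenied denials inside the window.
type Alert struct {
	SourceIP string
	Denied   int
	From, To time.Time
}

// DetectUnauthorizedAccess replays events in time order and raises at most one alert per IP.
func DetectUnauthorizedAccess(events []AuditEvent, maxDenied int, window time.Duration) []Alert {
	recent := map[string][]time.Time{} // denial times per IP still inside the window
	fired := map[string]bool{}
	var alerts []Alert
	for _, e := range events {
		if !e.Denied {
			continue
		}
		ts := append(recent[e.SourceIP], e.At)
		for e.At.Sub(ts[0]) > window {
			ts = ts[1:] // forget denials that fell out of the window
		}
		recent[e.SourceIP] = ts
		if len(ts) >= maxDenied && !fired[e.SourceIP] {
			fired[e.SourceIP] = true
			alerts = append(alerts, Alert{e.SourceIP, len(ts), ts[0], e.At})
		}
	}
	return alerts
}

func main() { // constructed sample trail: three denials from one IP within 40 seconds
	t0 := time.Date(2011, 8, 6, 9, 0, 0, 0, time.UTC)
	events := []AuditEvent{{t0, "alice", "10.0.0.5", true},
		{t0.Add(20 * time.Second), "alice", "10.0.0.5", true},
		{t0.Add(40 * time.Second), "bob", "10.0.0.5", true}}
	fmt.Printf("%+v\n", DetectUnauthorizedAccess(events, 3, time.Minute))
}
```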

Mitigate Against Unlocked Computer Screens

It does not take long for someone to walk away from their computer with the screen unlocked, and for somebody else to walk up and gain access to whatever is on the screen. Your Password Management system should have multiple features that mitigate this form of potential breach, such as automatic logouts, automatic hiding of visible passwords on the screen, and automatic clearing of any passwords copied to the clipboard.

Removing Access When It Is No Longer Required

It is a fact of life that as users move into different roles, or move to different organizations altogether, their access to IT systems is often not removed as quickly as it should be. Your Password Management system should also support time-based access to sensitive passwords, so access is automatically removed after a specified period of time. Another useful feature is to remove access to passwords the next time a password is changed.
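Both removal rules above, expiry after a set period and revocation on the next password change, can be enforced by a single check at request time if each grant records an expiry and the version of the secret it was issued against. This is an added example, not code from the article or any product; the version counter and the grant shape are assumptions of the example.

```go
package main

import (
	"fmt"
	"time"
)

// Grant lets User reach Secret until ExpiresAt, and only while the secret is
// still at the Version that was current when the grant was issued.
type Grant struct {
	User, Secret string
	Version      int
	ExpiresAt    time.Time
}

// Store keeps each secret's change counter and the grants issued against it.
type Store struct {
	version map[string]int // starts at 1, bumped on every password change
	grants  []Grant
}

// GrantAccess records time-limited access tied to the secret's current version.
func (s *Store) GrantAccess(user, secret string, now time.Time, ttl time.Duration) bool {
	v, ok := s.version[secret]
	if ok {
		s.grants = append(s.grants, Grant{user, secret, v, now.Add(ttl)})
	}
	return ok
}

// ChangePassword bumps the version, invalidating every grant issued against the old value.
func (s *Store) ChangePassword(secret string) { s.version[secret]++ }

// CanAccess is the check made on every request; expired and superseded grants simply stop matching.
func (s *Store) CanAccess(user, secret string, now time.Time) bool {
	for _, g := range s.grants {
		if g.User == user && g.Secret == secret && g.Version == s.version[secret] && now.Before(g.ExpiresAt) {
			return true
		}
	}
	return false
}

func main() {
	s := &Store{version: map[string]int{"db-admin": 1}} // constructed store
	t0 := time.Now()
	s.GrantAccess("alice", "db-admin", t0, 8*time.Hour)
	s.ChangePassword("db-admin") // rotation revokes alice's grant
	fmt.Println(s.CanAccess("alice", "db-admin", t0.Add(time.Hour))) // false
}
```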

Patch Your IT Systems

It is vital that you use a regular patch management methodology, ideally monthly, to ensure vulnerabilities in your software are eliminated before they can be exploited. Critical patches should be assessed as soon as they are available, and deployed with a sense of urgency if your systems are affected.



