Hi
This is an issue which is on my mind too at the moment. An internal audit has made some recommendations on various aspects of our work, one of which was "Password Control". This specifically looks at "powerful accounts" such as at database and root level.
The audit made recommendations that we should be enforcing changes to these accounts every 30-60 days. So it might be worth adding that particular nugget to any system considerations. And auditors would no doubt like to see proof that passwords are being changed, so a decent log.
A friend in IT security pointed me at a system which is in no way free or open source. Whilst I can't make any positive or negative comments, it may be interesting to see the functions and features that the product offers...
http://www.cyber-ark.com/digital-vault-products/enterprise-password/index.asp
I've found various opinions within our institution as to the usefulness of actually changing passwords on such a regular basis, but I think that might well be a different debate.
--
Michael Wilcox
-------------------------
01227 (82)4830
[log in to unmask]
http://www.kent.ac.uk/is/webteam/
-----Original Message-----
From: Managing an institutional web site [mailto:[log in to unmask]] On Behalf Of Dan Forys
Sent: 15 June 2007 13:35
To: [log in to unmask]
Subject: Managing site logins and passwords
Dear all,
We're looking to implement a system to manage the plethora of website information we have. As an institution, we have a lot of micro-sites which have their own database connections, login details, code libraries etc.
What would be really nice is some method of organising all this information so that it can be accessed by the appropriate IT staff when it's needed. We've ruled out keeping a paper file (in case we need the information at home, in the event of an out-of-hours emergency), and it's too risky to put all this on the webserver. Perhaps a kind of secure wallet application would do the trick, although it would need to be a cross-platform one (*nix, Win and Mac).
How does everyone else organise this kind of information and share it within the office?
Many thanks,
Dan Forys
Web & Database Developer
London School of Hygiene & Tropical Medicine
Room 8/111, Keppel St, London WC1E 7HT
Direct: 020 7958 8212