Lieberman Software’s Integration of nCipher’s Hardware Security Module Revolutionizes Password Security
Random Password Manager™ and Enterprise Random Password Manager™ are First Password Management Products to Offer Hardware-Based Encryption
(Los Angeles, CA – April 7, 2008) Lieberman Software has integrated nCipher’s nShield dedicated hardware security module (HSM) with its Random Password Manager and Enterprise Random Password Manager (privileged account password management solutions). This integration allows local passwords randomized by these products to be secured in a tamper-resistant hardware environment, enabling them to be more effectively managed and safely stored. Lieberman Software is the first commercial ISV to utilize HSM technology as a method for securing sensitive password data in a commercial off-the-shelf application. Lieberman Software is exhibiting in booth 538 at RSA Conference 2008 in San Francisco this week.
“This partnership with nCipher demonstrates that we believe that our customers should have the option of using the most secure method possible for storing local passwords utilized by every system throughout the enterprise,” said Philip Lieberman, president of Lieberman Software. “Given that the security of sensitive passwords is integral to the continued operation of an organization, the inclusion of an HSM option in these products was obvious. We’re pleased to be the first ISV to integrate HSM technology and FIPS 140-2 levels 2 and 3 certification options into our password management products.”
Hardware-Based Encryption of Privileged Passwords - Hardware based encryption key management is an accepted industry best practice because it overcomes the inherent security weakness of using and managing keys in software. nCipher’s nShield HSM provides Lieberman Software’s Random Password Manager and Enterprise Random Password Manager with a secure key management and encryption subsystem that is independently validated to FIPS 140-2 levels 2 and 3. This is a de-facto security benchmark for cryptographic processing and a mandatory requirement for many organizations.
“Encryption is rapidly becoming a mainstream security tool and the use of it in the context of password management is a perfect example of how it can protect critical assets. Privileged passwords and other high value account credentials are increasingly identified as a point of risk that requires management attention,” said Richard Moulds, executive vice president of product strategy for nCipher. “The integration of our nShield HSM with Random Password Manager and Enterprise Random Password Manager provides a tangible security benefit, and we are pleased to work with Lieberman Software in this important area.”
HSM technology has been utilized for years in the government, military, and intelligence industries to protect against the security flaws of conventional encryption software. Even when keys are encrypted, software debuggers can locate and access the decryption key, allowing critical data to be compromised. With an HSM, there is no record of keys stored in memory. Instead the keys are stored in a secure device, physically inside of a computer. For Lieberman Software customers this means that the local administrator and root passwords generated by Random Password Manager and Enterprise Random Password Manager can be securely stored and protected against unauthorized access.
The newest versions of Random Password Manager and Enterprise Random Password Manager can interface with any HSM developed by commercial third-parties or the intelligence community when a PKCS#11 interface library is provided. Lieberman Software plans to incorporate the optional use of hardware encryption devices into the rest of its product line.
Lieberman Software’s Password Management Solutions - Random Password Manager and Enterprise Random Password Manager mitigate the security threat created by using common account passwords across all systems in the network. Organizations that deploy their servers and workstations with identical account credentials risk having one compromised password affect the security of the entire network. The Lieberman Software products ensure that every system in the network maintains unique account credentials, preventing an unauthorized user from decrypting a local password and gaining peer-level access throughout the enterprise.
Random Password Manager automatically randomizes local administrator and root account passwords on every system in the enterprise, and enables temporary recovery of current passwords via a secure and audited web interface. Enterprise Random Password Manager is built on the foundation of Random Password Manager but it also identifies and enumerates every location in the enterprise where every account is used, and then automatically propagates password changes to all of these locations. These products support Windows NT/2000/XP/Server 2003/Vista/Server 2008, Linux and UNIX servers and workstations; SQL Server, MySQL, and Oracle databases; AS400 and OS/390 mainframes; and Cisco and Juniper hardware devices.
A free 30 day evaluation copy of Random Password Manager is available for download at www.liebsoft.com/Random_Password_Manager/. Enterprise Random Password Manager is also available for free evaluation, with configuration and support assistance provided. Contact Lieberman Software for details.
About Lieberman Software Corporation - Lieberman Software provides security and systems management solutions that reduce the cost and complexity of administering the cross-platform enterprise. By automating time intensive systems management tasks, Lieberman Software increases control over the IT infrastructure, subsequently reducing security vulnerabilities, improving productivity, minimizing system failures, and ensuring compliance. With products that simultaneously administer thousands of systems from a single console, Lieberman Software ensures that even the largest corporate, educational, and government enterprises remain managed, secure, and compliant. The company is a Microsoft Gold Certified Partner headquartered in Los Angeles, CA, with an additional office in Austin, TX. For more information, please visit www.liebsoft.com.
About nCipher Corporation - nCipher protects critical enterprise data for many of the world's most security-conscious organizations. Delivering solutions in the fields of identity management, data protection, enterprise key management and cryptographic hardware, nCipher enables businesses to identify who can access data, to protect data in transit and at rest, and to comply with the growing number of privacy-driven regulations. nCipher plc is listed on the London Stock Exchange (LSE: NCH).
Product and company names herein may be trademarks of their registered owners.
For more information, please contact: Kevin Franks
Marketing Communications Manager
Lieberman Software Corporation