Lieberman Software
PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
  August 2012        

Top of Mind

Breaking News

Philip  Lieberman
President & CEO
Lieberman Software


I am happy to announce that we will be shortly releasing version 4.83.5 of Enterprise/Random Password Manager (E/RPM).

We have expanded E/RPM’s language support to 21 languages in the web interface, added more web services APIs, and added a password history column to unmanaged shared credentials (to deal with fat-fingered entries). The release also includes a ton of other features, fit and finish improvements, bug fixes, and support for even more platforms.

We have also added new countermeasures for DDoS and brute force attacks. This feature set is configurable and based on the latest presentations at Black Hat 2012.

There is also a new and more sophisticated domain directory inclusion/exclusion path functionality to limit account discovery to only areas you wish to be analyzed and managed. This last feature is useful for large multi-tenant cloud and corporate accounts that mix clients, contractors, employees and service accounts in a single Active Directory environment.

There is even more in the release. Keep an eye out for it on our web site. For those on maintenance agreements, you will be receiving an email with the download instructions as soon as it is released.

Continuing From Last Month: Common Local Administrator/Root Accounts

Last month I described how you can convert spreadsheets with passwords into our secure storage system of E/RPM. For those that have to deal with the reality of the real world, any conversion of process or access to data has political implications, no matter how poor or insecure the existing processes are.

For this month, I will be offering an easy and less political project: the randomization of common root or administrator credentials on all of your systems and devices. This has few consequences since these credentials are not accessed by typical users and are normally only used by the IT department staff. If you have not changed the built-in credentials for 10 years, you will be surprised how easy this project is to accomplish.

Taxonomy – What Fits Where?

The simplest breakdown of local Superuser accounts is into the following groups:

• Microsoft Windows Systems
• UNIX/Linux Systems
• Other Operating Systems
• Routers, Switches, and devices

Windows Administrator Accounts

Windows accounts are really easy to randomize: the list of domain-connected machines can be pulled immediately from Active Directory, and the local administrator account can be randomized by using a high-powered domain account that is seen as a member of the local Administrators group on each machine. Using this methodology, you can change the local administrator account on 5000 Windows machines in less than an hour with reasonable LAN speeds.

Special cases such as renamed local administrator accounts are already handled by the product: its wildcard administrator name function identifies the account by the RID of the local administrator rather than by the name itself. Other special cases, such as workgroup accounts, can be handled via the Alternate Administrators dialog within the E/RPM product, which allows preloading of the accounts to be used for administrator changes.
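The RID-based identification described above can be sketched as follows. This is an added example, not Lieberman Software's code or E/RPM's implementation: the host names, account names and SIDs are constructed, the function names are hypothetical, and the script only plans a rotation (it sets no passwords).

```python
import secrets
import string

# Well-known RID of the built-in local Administrator; renaming the account
# changes its name but never this last SID component.
BUILTIN_ADMIN_RID = 500

def is_builtin_admin(sid):
    """True for S-1-5-21-<three machine sub-authorities>-500."""
    parts = sid.strip().upper().split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        return False  # e.g. S-1-5-32-544 is the Administrators *group*
    return all(p.isdecimal() for p in parts[4:]) and int(parts[7]) == BUILTIN_ADMIN_RID

def random_password(length=24):
    """Random password from the OS CSPRNG with lower, upper and digit present."""
    alphabet = string.ascii_letters + string.digits + "!#%+-_=@"
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw

def plan_rotation(inventory):
    """inventory: {host: [(local_account_name, sid), ...]}.
    Returns {host: (account_name, new_password)}, one distinct password per host."""
    plan = {}
    for host, accounts in inventory.items():
        for name, sid in accounts:
            if is_builtin_admin(sid):  # match on RID, never on the name
                plan[host] = (name, random_password())
                break
    return plan

# Constructed sample inventory of local accounts (all values are made up).
SAMPLE_INVENTORY = {
    "WS-001": [("Administrator", "S-1-5-21-1001-2001-3001-500"),
               ("Guest", "S-1-5-21-1001-2001-3001-501")],
    "WS-002": [("helpdesk", "S-1-5-21-1002-2002-3002-1001"),
               ("itroot", "S-1-5-21-1002-2002-3002-500")],        # renamed
    "WS-003": [("Administrator", "S-1-5-21-1003-2003-3003-1002"),  # decoy name
               ("svc_local", "S-1-5-21-1003-2003-3003-500")],
    "WS-004": [("Guest", "S-1-5-21-1004-2004-3004-501")],          # RID 500 not listed
}

if __name__ == "__main__":
    for host, (name, pw) in plan_rotation(SAMPLE_INVENTORY).items():
        print(f"{host}: rotate '{name}' ({len(pw)}-character random password)")
```

Hosts whose listing contains no RID 500 account (WS-004 here) are left out of the plan so they can be reviewed by hand.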

And even if you don’t have an Active Directory for machine lists, you can import the list via CSV files, get the list from a database, scan an IP range, or do an LDAP query from just about any LDAP server. Worst case, you can enter the names manually!

=> More on this subject in NEXT MONTH'S Newsletter.

What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
 
Developer Top of Mind

We're pleased to announce a new column showcasing insights from our developers. Our inaugural entry comes from Nick Carroll:

Options in Enterprise Random Password Manager (ERPM)

ERPM has an evolving mechanism for loading and saving various run-time configurable options. Initially, most of these options were set via registry values, with somewhat ad-hoc naming conventions. This persists into the current code, but primarily only for legacy reasons.

The new internal options structure supports namespace-qualified options with strongly-typed values, which are settable via various input locations. For example, you can set options via command line, per-module config file, or in a well-defined registry location. This allows configuration data to be easily modified during testing, and/or to support particular customer scenarios. It also lets our developers expose some configuration parameters before we have UI to support them - allowing updates “in the field” as necessary.



What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • What Should be Done About Credit Card Security? The rash of credit card breaches over the past couple of years should serve as a wakeup call that credit card issuers need to step forward and address the need to protect customer information in the US...
  • A Picture is Worth…  A couple of years ago I had a great conversation at the RSA Conference with Gartner analyst Lawrence Pingree about the huge volume of security and configuration data that our privileged identity management products collect and show. Mr. Pingree challenged us to unlock this treasure trove of information for customers by providing flexible access to the data in a variety of formats besides columnar reports...

Events / Press / Analysts
  • Lieberman warns companies to be cautious about BYOD. ChannelBiz. “In today’s consumer-owned devices,” Lieberman said, “the ability to adopt and sustain enterprise access and revocation controls is non-existent or impaired. In an effort to meet the demands of BYOD, enterprises are being forced to employ soft certificates with diminished security.”
  • Lieberman Software's Enterprise Password Manager Supports SQL Server 2012. SQL Server Pro. The solution now automatically discovers SQL Server 2012 accounts in the database, and updates and propagates account credentials everywhere that they are used in the data center. Additionally, users can choose to utilize SQL Server 2012 as a secure back end for the encrypted storage of privileged passwords, which provides users with the ability to release passwords to delegated users on demand.

Tech Tip of the Month

File Cratering

Need to stop a program from running on your Windows hosts now? Found a virus but don’t have an updated definition file from your anti-virus vendor? User Manager Pro’s patented File Cratering technology can save the day. Here's how.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
www.Liebsoft.com | (01) 310-550-8575 | newsletter@liebsoft.com