President & CEO
I am happy to announce that we will be shortly releasing version 4.83.5
of Enterprise/Random Password Manager (E/RPM).
We have expanded E/RPM’s language support to 21 languages in the
web interface, added more web services APIs, added a password history
column to unmanaged shared credentials (to deal with fat fingered
entries) and a ton of other features as well as fit and finish
improvements, bug fixes and added support for even more
We have also added new countermeasures for DDOS and brute force
attacks. This feature set is configurable and based on the latest
presentations at Black Hat 2012.
There is also a new and more sophisticated domain directory
inclusion/exclusion path functionality to limit account discovery to
only areas you wish to be analyzed and managed. This last feature is
useful for large multi-tenant cloud and corporate accounts that mix
clients, contractors, employees and service accounts in a single Active
There is even more in the release. Keep an eye out for it on our web
site. For those on maintenance agreements, you will be receiving an
email with the download instructions as soon as it is released.
Continuing From Last
Month: Common Local Administrator/Root Accounts
Last month I described how you can convert spreadsheets with passwords
into our secure storage system of E/RPM. For those that have to deal
with the reality of the real world, any conversion of process or access
to data has political implications, no matter how poor or insecure the
existing processes are.
For this month, I will be offering an easy and less political
project: the randomization of common root or administrator
credentials on all of your systems and devices. This has few
consequences since these credentials are not accessed by typical users
and are normally only used by the IT department staff. If you have not
changed the built-in credentials for 10 years, you will be surprised
how easy this project is to accomplish.
Taxonomy – What Fits Where?
The simplest breakdown of local Superuser accounts is into the
• Microsoft Windows Systems
• UNIX/Linux Systems
• Other Operating Systems
• Routers, Switches, and devices
Windows Accounts are really easy to randomize since the list of domain
connected machines can be immediately pulled from Active Directory and
the local administrator account can be randomized via the use of a high
powered domain account that is seen as a member of the local
Administrators group on the local machine. Using this methodology, you
can change the local administrator account on 5000 Windows machines in
less than an hour with reasonable LAN speeds.
Special cases such as renamed local administrator accounts are already
handled by the product by its use of a wildcard administrator name
function that uses the RID of local administrator rather than the name
itself to identify the account. Other special cases such as workgroup
accounts can be handled via the Alternate Administrators dialog within
the E/RPM product that allows preloading of accounts to be used for
And, even if you don’t have an Active Directory for machine lists, you
can import the list via CSV files, get the list from a database, scan
an IP range, or do an LDAP query from just about any LDAP server, or
worse case, you can enter the names manually!
=> More on this subject in NEXT
you think? Email me at: Phil@liebsoft.com.
You can also follow me on Twitter: @liebsoft
or connect with me via LinkedIn.
Top of Mind
We're pleased to announce a new column showcasing insights from our
developers. Our inaugural entry comes from Nick Carroll:
Options in Enterprise
Random Password Manager (ERPM)
ERPM has an evolving
mechanism for loading and saving various run-time configurable options.
Initially, most of these options were set via registry values, with
somewhat ad-hoc naming conventions This persists into the current code,
but primarily only for legacy reasons.
internal options structure supports namespace-qualified options with
strongly-typed values, which are settable via various input locations.
For example, you can set options via command line, per-module config
file, or in a well-defined registry location. This allows configuration
data to be easily modified during testing, and/or to support particular
customer scenarios. It also lets our developers expose some
configuration parameters before we have UI to support them - allowing
updates “in the field” as necessary.
Click here to read the rest of
New in Identity Week
Featured commentary on our Identity
Week blog this month includes:
- What Should be Done About Credit Card
Security? The rash of credit card breaches over the past
couple of years should serve as a wakeup call that credit card issuers
need to step forward and address the need to protect customer
information in the US...
- A Picture is Worth… A
couple of years ago I had a great conversation at the RSA Conference
with Gartner analyst Lawrence Pingree about the huge volume of security
and configuration data that our privileged identity management products
collect and show. Mr. Pingree challenged us to unlock this treasure
trove of information for customers by providing flexible access to the
data in a variety of formats besides columnar reports...
Events / Press /
warns companies to be cautious about BYOD. ChannelBiz. “In
today’s consumer-owned devices,” Lieberman said, “the ability to adopt
and sustain enterprise access and revocation controls is non-existent
or impaired. In an effort to meet the demands of BYOD, enterprises are
being forced to employ soft certificates with diminished security.
Software's Enterprise Password Manager Supports SQL Server 2012.
SQL Server Pro. The solution now automatically discovers SQL
Server 2012 accounts in the database, and updates and propagates
account credentials everywhere that they are used in the data center.
Additionally, users can choose to utilize SQL Server 2012 as a secure
back end for the encrypted storage of privileged passwords, which
provides users with the ability to release passwords to delegated users
Tech Tip of the Month
Need to stop a program from running on your Windows
hosts now? Found a virus but don’t have an updated definition file from
your anti-virus vendor? User Manager Pro’s patented File Cratering
technology can save the day. Here's how.