Password Management



Today's IT regulatory mandates – including PCI DSS, SOX, HIPAA and a host of others – require all of your privileged account passwords to be sufficiently unique, complex, and frequently changed.

Scheduling Password Changes in RPM

Scheduling Password Changes in RPM
(Click to Enlarge)

  • Random Password Manager (RPM) makes it easy to configure settings for password strength that accommodate different management targets – including hardware, databases, and applications – with set requirements for allowable passwords. This makes it simple to choose the right settings for every managed system.

  • RPM helps you logically group all of your managed systems so you can configure specific policies for different types of systems and account types – for example, you can group systems to more easily configure NT-compatible passwords for older computers, while complying with the current requirements of your computers running Windows Vista / Server 2008 and newer.

Schedule Password Changes with Less Effort

Passwords are automatically randomized after use and can be changed on a scheduled basis, with the options for scheduling being immediately, every hour, every day, every week, every month, every year or every n hours/days. The job can also be given a window of time to run (e.g. 1-3 AM).

RPM helps you to schedule and monitor password changes with a minimum of effort, and lets you properly handle exceptions (in the event of a network issue or if a target system goes offline) so that any issues are reported, alerted and addressed.

  • Because RPM organizes your password change jobs by systems (as opposed to accounts) you can update the same account on any number of machines with a single job so you'll manage all of your password changes with the least effort. Once you create your password change jobs, RPM can process the changes without operator intervention.

  • RPM also has the capability to reset individual passwords or groups of passwords on-demand, and to schedule automated checks to ensure that each password stored in the database correctly matches the current login for each target account.

Password Complexity

Password constraints are configurable and control the password length and complexity. You can select which symbols to use or exclude, whether the password may contain upper/lower case letters, symbols, or numbers. You may select the positioning of characters/numbers/symbols within the password itself, and you may require a minimum number of upper/lower case characters, numbers or symbols. With RPM, passwords can be up to 127 characters in length, if/as allowed by the system being managed.

Password Encryption

With RPM your passwords are encrypted in a backend database, with options that include military-grade AES encryption, a FIPS 140-2 software encryption module, higher levels of FIPS 140-2 compliance, and support for Hardware Security Modules (HSMs) that use PKCS#11. RPM also takes advantage of SSL encryption between its distributed modules, and between its web application and users' machines, to protect passwords and other sensitive information.

RPM does not perform any of its own networking and does not require agents to manage privileged identities on servers, workstations, and devices. RPM commands its local host to perform connections and issue remote commands. All networking is a result of Windows to Windows communications for Windows based targets and therefore follows the same rules and protocols, or via SSH 2.0 or Telnet connections to non-Windows platforms.

Password Retrieval

Administrators can quickly retrieve passwords for systems/ devices/ applications/ databases they are authorized to manage via a secure web portal. You may configure the web application to allow users to view passwords or simply log them into the target system via RDP/SSH/Telnet without ever displaying the password.

Contact us to learn more about how Lieberman Software can help you secure your organization's privileged accounts.

 

 



Live chat by SightMax