Security breaches are far too often related to insecure handling and usage of passwords. How do we manage passwords and make sure to comply with security guidelines in an effective manner?
Security breaches are often caused by human error – primarily password-related errors. In addition, unsecure handling and storage of password together with incompliancy in creation and/or update of passwords also possess a significant risk. The challenges regarding password management might be:
- It can be tricky to maintain password policies for privileged accounts. Local server administrator accounts or domain service accounts are often not changed at regular interval because it’s a hazzle and you run the risk of stopping vital function. This means that vital passwords are known to both present and former employees leading to risk of security breaches.
- Passwords are stored by organisations in an insecure manner – e.g. in unencrypted databases, locally or even in physical form, making it easy for intruders to hack and misuse.
- Outside consultant are given privileged access rights without any control of their actions or options to stop the access.
- Lack of overview leads to security breaches such as failure to update unexpired passwords, failure to dismantle the password of temporary employees (e.g. consultants) and to detect and mitigate suspicious activity regarding logon.
Functions & Requirements
- Centralised secure password storage: Share securely passwords with user groups
- Reset of services running with domain service account: Change domain passwords for service accounts and PMP will automatically update the password for each service and restart the service
- Workflow for access control on passwords: Give controlled access based on approval to privileged account password & password will be changed after each use
- Automated Password Reset: Schedule automated password reset according the schedules either with new individual passwords or bulk update of new common password
- Privileged Session video recording: Each rdp session or telnet session can be recorded for auditing purposes
- Shadow privileged sessions: Shadow rdp sessions in real time to supervise user activity
- Password compliance reporting
- Remote Password Reset: Reset password for accounts on devices in the DMZ via agent
- Remote Access & Auto Logon: Use password to access servers or snmp devices without the need to know the password
Learn more and download ManageEngine GDPR White Paper (PDF).
Read more about system requirements here.