Modern Middle Manager
Primarily my musings on the practical application of technology and management principles at a financial services company.
Technology Review Tuesdays

Tuesday, May 17, 2005  

I write this as I try to shake off a cold I picked up in Vegas. Blah.

I've never made a regular, recurring topic on this blog. Maybe having one will inspire me to write more. Today's technology is from SyMark, which makes an appliance for password escrow called PowerKeeper. This handy, dandy little device controls the generic admin accounts running throughout the network, including such platforms as Linux, Windows 2000/2003, MS SQL Server and Cisco equipment. Passwords are "checked out" from the device for a specified period of time and with or without dual controls on a per-account basis. As a financial institution tired of getting beat up about having generic admin accounts (something we're remediating this year), I like what I see.

Access is controlled by the interaction of systems, collections of systems, users and groups of users. One group can be assigned to request passwords for a collection and another group can be set to approve the requests. There are two "superuser" accounts on the box that override all other security, which may provider something of a security hole. It looks tedious to set up and the HTML interface is pretty simple. However, once set up it seems easy enough to maintain.

The box produces about a dozen reports showing information such as checkout activity, password aging (if you choose to let the device automatically change passwords according to customized rules), and about 10 other items I don't remember from the demo. Reports can be scheduled and e-mailed as HTML or CSV files.

I'm impressed enough to request an evaluation box. I understand that pricing is based on the number of systems that it manages, so hopefully they won't be too greedy.

posted by Henry Jenkins | 5/17/2005 06:41:00 PM

Comments: Post a Comment
the author
open source