Lieberman Adds i OS Support to Password Program
Corrected: May 27, 2008
by Alex Woodie
Organizations struggling to keep their users from forgetting their passwords while maintaining an acceptable level of authentication may want to check out the latest release of Lieberman Software's Random Password Manager. The software automatically generates random passwords for users, while providing them a way to recover their passwords from a hardware-encrypted location when passwords are forgotten. With the introduction of support for i (formerly i5/OS) and z/OS with version 4, the product can now be used in enterprise IBM shops.
Random Password Manager is designed to protect organizations from a catastrophic compromise of their IT infrastructure's security. Lieberman says such a circumstance is possible using traditional single sign-on (SSO) tools, where a user's passwords are synchronized, giving him or her the capability to sign onto all of his or her applications using a single password. If just one of those user accounts is compromised, and that user has privileged access, such as ALLOBJ authority on the i OS or ROOT access on a UNIX system, then the organization's entire IT infrastructure is potentially at risk.
Random Password Manager addresses this potentiality by implementing another layer of protection at the password level. The software, which runs on secured Windows servers, creates unique passwords for all systems that a user must access, thereby preventing a single password vulnerability from daisy chaining across systems.
The product also logs and audits any and all password-related activity, and ensures that users' passwords are changed frequently, which are requirements of many new regulations, such as PCI and SOX. If users forget their Random Password Manager-generated password, they can recover their password from the Web-based interface. The software then immediately randomizes the password again, ensuring continued compliance.
Lieberman added support for i OS and z/OS as a result of customer requests, says Kevin Franks, marketing communications manager for the Los Angeles-based company. "We had several large enterprise customers who wanted us to extend the product's functionality to cover the AS/400 systems they were running in their environments," Franks writes in an e-mail. "They were interested in having one solution that could cover all of the different platforms in their enterprise, and AS/400 was one of the platforms that was mentioned repeatedly. So AS/400 support, along with OS/390, Oracle and MySQL support, was built into Random Password Manager 4.0. Without this support, our largest customers didn't feel like they were really receiving comprehensive privileged password management across the entire network."
Random Password Manager uses AES-256 encryption to secure passwords in a SQL Server database, and SSL encryption to protect data as it's sent between the browser and the server. The software supports all versions of Windows going back to Windows NT, and is certified for Windows Server 2008 and Windows Vista. It's also been certified for network equipment from Cisco Systems and Juniper, and is RSA SecurID Ready.
Other new security features in version 4 include support for hardware-based encryption, through hardware security modules (HSM), and support for two-factor authentication. By utilizing HSMs, there is no record of encryption keys stored in memory, eliminating the chance that software debuggers and other tools can locate encryption keys and compromise security. The new version works with any HSM for which there is a PKCS #11 interface library, and is validated to FIPS 140-2 levels 2 and 3.
Support for two-factor authentication technology, through RSA SecurID, helps guarantee that only staff with physical possession of an RSA SecurID hardware authenticator and properly provisioned credentials can access the passwords generated and stored by Random Password Manager, according to Lieberman.
Random Password Manager 4.0 is available now. For more information, visit www.liebsoft.com.
This article has been corrected. Lieberman announced a new release of Random Password Manager, not Enterprise Random Password Manager, which is a similar but different product. IT Jungle regrets the error.