Volume 8, Number 21 -- May 27, 2008

Lieberman Adds i OS Support to Password Program

Corrected: May 27, 2008

by Alex Woodie

Organizations struggling to keep their users from forgetting their passwords while maintaining an acceptable level of authentication may want to check out the latest release of Lieberman Software's Random Password Manager. The software automatically generates random passwords for users, while providing them a way to recover their passwords from a hardware-encrypted location when passwords are forgotten. With the introduction of support for i (formerly i5/OS) and z/OS with version 4, the product can now be used in enterprise IBM shops.

Random Password Manager is designed to protect organizations from a catastrophic compromise of their IT infrastructure's security. Lieberman says such a circumstance is possible using traditional single sign-on (SSO) tools, wherea user's passwords are synchronized, giving him or her the capability to sign onto all of his or her applications using a single password. If just one of those user accounts is compromised, and that user has privileged access, such as ALLOBJ authority on the i OS or ROOT access on a UNIX system, then the organization's entire IT infrastructure is potentially at risk.

Random Password Manager addresses this potentiality by implementing another layer of protection at the password level. The software, which runs on secured Windows servers, creates unique passwords for all systems that a user must access, thereby preventing a single password vulnerability from daisy chaining across systems.

The product also logs and audits any and all password-related activity, and ensures that users' passwords are changed frequently, which are requirements of many new regulations, such as PCI and SOX. If users forget their Random Password Manager-generated password, they can recover their password from the Web-based interface. The software then immediately randomizes the password again, ensuring continued compliance.

Lieberman added support for i OS and z/OS as a result of customer requests, says Kevin Franks, marketing communications manager for the Los Angeles-based company. "We had several large enterprise customers who wanted us to extend the product's functionality to cover the AS/400 systems they were running in their environments," Franks writes in an e-mail. "They were interested in having one solution that could cover all of the different platforms in their enterprise, and AS/400 was one of the platforms that was mentioned repeatedly. So AS/400 support, along with OS/390, Oracle and MySQL support, was built into Random Password Manager 4.0. Without this support, our largest customers didnít feel like they were really receiving comprehensive privileged password management across the entire network."

Random Password Manager uses AES-256 encryption to secure passwords in a SQL Server database, and SSL encryption to protect data as it's sent between the browser and the server. The software supports all versions of Windows going back to Windows NT, and is certified for Windows Server 2008 and Windows Vista. It's also been certified for network equipment from Cisco Systems and Juniper, and is RSA SecurID Ready.

Other new security features in version 4 include support for hardware-based encryption, through hardware security modules (HSM), and support for two-factor authentication. By utilizing HSMs, there is no record of encryption keys stored in memory, eliminating the chance that software debuggers and other tools can locate encryption keys and compromise security. The new version works with any HSM for which there is a PKCS #11 interface library, and is validated to FIPS 140-2 levels 2 and 3.

Support for two-factor authentication technology, through RSA SecurID, helps guarantee that only staff with physical possession of an RSA SecurID hardware authenticator and properly provisioned credentials can access the passwords generated and stored by Random Password Manager, according to Liberman.

Random Password Manager 4.0 is available now. For more information, visit www.liebsoft.com.

This article has been corrected. Lieberman announced a new release of Random Password Manager, not Enterprise Random Password Manager, which is a similar but different product. IT Jungle regrets the error.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By

The Ultimate System i Replication
for Business of All Sizes

With hundreds of successful installations in over 40 countries across the globe,
the *noMAX Suite of Products offer highly integrated, scalable and affordable technology;
all of which places Maximum Availability's High Availability and Disaster Recovery solutions
within the reach of all businesses, irrespective of size, scope and location.

                                                  · Fast
                                                  · Cost-effective
                                                  · Highly Scalable
                                                  · Designed for businesses of all sizes

Find Out More at www.maxava.com

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

COMMON:  Join us at the Focus 2008 workshop conference, October 5 - 8, in San Francisco, California
Help/Systems:  Explore operations automation and BI, June 17 - 20, 2008, Minneapolis, MN
Vision Solutions:  System i Management Tips Blog - Free i5/OS Tips Each Week!


IT Jungle Store Top Book Picks

Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
Getting Started with PHP for i5/OS: List Price, $59.95
The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
The System i Pocket RPG & RPG IV Guide: List Price, $69.95
The iSeries Pocket Database Guide: List Price, $59.00
The iSeries Pocket Developers' Guide: List Price, $59.00
The iSeries Pocket SQL Guide: List Price, $59.00
The iSeries Pocket Query Guide: List Price, $49.00
The iSeries Pocket WebFacing Primer: List Price, $39.00
Migrating to WebSphere Express for iSeries: List Price, $49.00
iSeries Express Web Implementer's Guide: List Price, $59.00
Getting Started with WebSphere Development Studio for iSeries: List Price, $79.95
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00
WebFacing Application Design and Development Guide: List Price, $55.00
Can the AS/400 Survive IBM?: List Price, $49.00
The All-Everything Machine: List Price, $29.95
Chip Wars: List Price, $29.95

The Four Hundred
The Way IBM Sees New Versus Prior i Platforms

The Server Biz Enjoys the X64 Upgrade Cycle in Q1

Evans Data Ranks Integrated Development Environments

As I See It: The Programmer as Artist

Reseller Mainline to Acquire Competitor Cornerstone

The Linux Beacon
NYSE Euronext Trades Mainframes and Unix for Linux and X64

Canonical Founder Calls for Synchronized Linux Releases

AMD Ships Low-Power Barcelonas as Two More Execs Exit

New and Updated Barcelona Boxes Debut from Sun

VMware Tweaks Virtualization Stack, Boasts of Greenness and Sales

Big Iron
NYSE Euronext Trades Mainframes and Unix for Linux and X64

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

Four Hundred Guru
Use PCOMM Scripts to Dynamically Build a Spreadsheet, Part 2

Use SQL to Strip Out Tab Characters

Admin Alert: Monitoring the Monitors

System i PTF Guide
May 17, 2008: Volume 10, Number 20

May 10, 2008: Volume 10, Number 19

May 3, 2008: Volume 10, Number 18

April 26, 2008: Volume 10, Number 17

April 19, 2008: Volume 10, Number 16

April 12, 2008: Volume 10, Number 15

The Windows Observer
Micro-Hoo is Back On the Table, But In a Different Form

Developers Cool to Vista, Evans Study Finds

Global Sales Save HP's Financial Cookies in the Second Quarter

Symantec Combats Phishing with New Services Offering

Microsoft Heads Aberdeen's List of Top 100 Tech Companies

The Unix Guardian
Global Sales Save HP's Financial Cookies in the Second Quarter

NYSE Euronext Trades Mainframes and Unix for Linux and X64

Sun Updates VirtualBox with Native Solaris Support

HP Ships Insight Dynamics for Managing Physical and Virtual Machines

A Word Cloud of IBM Server Brand Names

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar


ProData Computer Services
Maximum Availability
RJS Software Systems

Printer Friendly Version

Paglo Aims to be the Google of IT Management

RPG Programmer Avoids 'Learn Java or Flip Burgers' Pitfall

Lieberman Adds i OS Support to Password Program

KST Offers DataTrigger to Protect DB2/400 Files

Kisco Clamps Down on FTP Exposure with SafeNet/400

News Briefs and Product Shorts:

Love's Likes CCSS for PCi . . . Orphaned Account Risk Underestimated, Symark Says . . . Pepsi Bottler Uncorks Application Modernization with looksoftware . . . JDE EnterpriseOne Certified for i 6.1 . . . Manufacturer's JDE System to Be Extended with SM-Plus . . .

Four Hundred Stuff


Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement