Lieberman Software
PRIVILEGED IDENTITY MANAGEMENT NEWS LINE
July 2012        

Top of Mind

Low Hanging Fruit: Fixing Big Security Problems in Minutes or Short, High-Return Projects

Philip Lieberman
President & CEO
Lieberman Software


For those that get the whirlwind tour of Enterprise Random Password Manager (ERPM), it is not uncommon to be overwhelmed with the vast scope of the product’s coverage. Given that the product can do so much, many customers become frozen because they have no plan as to what to do first.

In this month’s Top of Mind I will try to give you a simple security improvement attack plan that is fast and easy – where each project takes a day or less to accomplish and yields permanent closure of security holes.

Politics vs. Technical vs. Scope Issues

Improving the handling of superuser credentials is not always easy to implement because many of the changes require not only the introduction of technology, but also changes in operational processes that can cross many political, financial and power fiefdoms. When deciding on the following projects, consider not only the technical difficulties (none are that great) but also the politics behind the introduction of a new security control (auditor’s term).

Password Spreadsheets

Probably the easiest and highest return project to do technically is the conversion of existing password/secrets spreadsheets (generally shared and unaudited as to usage) into encrypted and delegated access data. You can use our standalone Password Spreadsheet Manager (PSM), ERPM or Random Password Manager (RPM) products for this project. The PSM feature is included in ERPM and RPM at no extra charge. The end result is controlled access to all of your spreadsheet password/secret data at a very granular level in less than one day.

We have had customers import over 500 existing password spreadsheets into the product and put this into production in less than 4 hours, so it can be done quickly.

The project consists of converting existing spreadsheets from their native format (i.e. Microsoft Excel XLS/XLSX format) into CSV (comma separated value) format. The CSV files are imported directly into the ERPM console with about three or four mouse clicks (easy and quick). To finish up, you then set the permissions for the imported spreadsheet data – a little time consuming and politically charged regarding who gets access to which secrets.

Tips and Techniques

1) You can import more than one spreadsheet at a time in one file import step. In the documentation for the CSV file format, you will see that you can add an extra column of data to the CSV file that contains the name of the spreadsheet for each row of data. This trick allows you to create a gigantic single CSV file and each row of data will drop into the correct encrypted area based on the last column value (spreadsheet name).

2) Setting complex permissions on many spreadsheets can be labor intensive. To make this setting of permissions easier, first set the permissions on a single imported CSV file by hand. Export the permissions for the just-created spreadsheet into CSV format, and use this file as a template for the rest of the spreadsheets. You can open that exported CSV permissions file as a spreadsheet and expand entries to cover all of your spreadsheets using spreadsheet magic. The resulting spreadsheet of permissions can be saved as a CSV file and imported into our program in just a few seconds. We hate repetitious work and like automation a lot, which is what we provide to speed up your deployments.
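
Tips 1 and 2 as a script, added here as an illustration and not taken from Lieberman Software's code or documentation. The column layouts (system, account, secret for data; sheet name, identity, permission for the permissions export) and all sample values are assumptions; check the product's CSV format documentation for the real ones.

```python
import csv
import io

DATA_COLUMNS = 3  # assumed layout: system, account, secret


def merge_for_import(sheets, width=DATA_COLUMNS):
    """Combine per-spreadsheet CSV text into one CSV whose last column
    is the spreadsheet name. `sheets` maps name -> CSV text."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for name, text in sheets.items():
        for row in csv.reader(io.StringIO(text)):
            if not any(cell.strip() for cell in row):
                continue  # blank line left over from the spreadsheet export
            if len(row) > width:
                # Do not echo the row: it holds a secret.
                raise ValueError(f"{name}: row has more than {width} columns")
            # Pad short rows so the name always lands in the same, last column.
            writer.writerow(row + [""] * (width - len(row)) + [name])
    return out.getvalue()


def expand_permissions(template_csv, sheet_names):
    """Repeat the permission rows set by hand on one sheet for every sheet.
    Assumed export layout: sheet name, identity, permission."""
    template = [r for r in csv.reader(io.StringIO(template_csv)) if r]
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for name in sheet_names:
        for _old_name, *grant in template:
            writer.writerow([name, *grant])
    return out.getvalue()


# Constructed sample data; one secret contains a comma and one row is short.
SHEETS = {
    "Routers": 'core-rtr1,admin,"p@ss,word"\n\nedge-rtr2,admin\n',
    "Databases": "sql01,sa,Tr0ub4dor\n",
}
TEMPLATE = "Routers,NetOps,read\nRouters,SecAdmins,manage\n"

if __name__ == "__main__":
    print(merge_for_import(SHEETS), end="")
    print(expand_permissions(TEMPLATE, SHEETS), end="")
```

The merged file holds every secret in plaintext, so keep it on a restricted path and delete it once the import is confirmed. Review the expanded permissions before importing, since they grant the template's access on every listed spreadsheet.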

Summary

Converting from spreadsheets containing static secrets to a fully audited and controlled access system where each line in the spreadsheet is now an encrypted and delegated secret is a fast project that generally takes less than a day. As a side note, we don’t charge by users, administrators, spreadsheets or secrets, so you can load in as many spreadsheets as you want without additional charges. Imagine: getting rid of spreadsheet-based secrets and making your auditors happy in less than a day with no extra licensing costs… and, secret storage requires very little database power and almost no CPU usage on your servers!

Next Month’s Project: Randomizing Local Administrator Passwords

What do you think? Email me at: Phil@liebsoft.com. You can also follow me on Twitter: @liebsoft or connect with me via LinkedIn.
 
What's New in Identity Week

Featured commentary on our Identity Week blog this month includes:
  • Trends in the German IT Market – An Interview. IdentityWeek recently had an opportunity to sit down with Andreas Görög, CEO of IBV Informatik GmbH – an IT security  solutions provider headquartered in Germany – about his insights on the current state of the IT market in Northern Europe and what to expect in coming years...
  • U Is For UTM. Guest Commentary by Pierluigi Stella, CTO, Network Box USA. A recent article in Dark Reading caught my attention, because I have been saying the precise same thing for 13 years now. The idea for unified threat management (UTM) has always been that an effective response against blended threats can only come from blended security. And there is absolutely no way to blend security when you are dealing with 10 different devices – most likely originating from 7 different vendors, with not a single one of them integrated with each other...

Events / Press / Analysts  
  • Oh My Tech!: Navigating the nightmare of multiple logins, passwords. The Salt Lake Tribune. Whenever I go to the home of a friend or relative to try to make things right on their computers or software, invariably the biggest obstacle I run into is being able to access what needs fixing. That’s because invariably whomever I’m helping can never remember the login and password he or she uses. For example, I recently spent two more hours than I needed to working on my cousin’s iPad because she couldn’t remember the passwords for either her email or iTunes account.
  • Hackers publish 450,000 unencrypted Yahoo login credentials. FierceCIO TechWatch. Yahoo has become the latest online service to suffer a massive password breach. Hacking group D33D Company has publicly posted more than 450,000 login credentials belonging to the Yahoo Contributor Network on its website. The hackers claimed to have used an SQL injection technique to extract the data, which contains passwords which are unencrypted.
  • IT staff despair about crooked outsourcing. TechEye.net. Dodgy work, dodgier invoices. In-house IT professionals take a dim view of the jobs undertaken by outsourced workers, labeling outsourcing a “money pit” and blasting claims of a value return.
  • Top 3 Insecure Password Management Practices. eSecurity Planet. Even good admins sometimes do bad things with passwords. Spotting these risky IT practices in your organization is a first step to a more secure password management strategy.

Tech Tip of the Month

Upgrade to ERPM 4.83.4 or RPM 4.83.4!

If you are an existing Enterprise Random Password Manager (ERPM) or Random Password Manager (RPM) customer, we STRONGLY recommend you upgrade to the new version. There is so much more functionality and flexibility in this release. Download the new installer package, run it, and upgrade the website - it's that simple!

To upgrade, please contact your account manager for the download link.

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067
www.Liebsoft.com | (01) 310-550-8575 | newsletter@liebsoft.com