Hi Kathy,
We've found that many companies have a 30 or 90 day password change policy
on service accounts where possible, and for those situations where vendors
provide applications where passwords can not be changed easily password
alterations are usually performed when the software is reinstalled or
upgraded.
We produce a product called the Enterprise Password Safe which is in use by
many companies to manage all types accounts. If you'd like to take a look
the details are at;
http://www.argosytelcrest.com/enterprise_password_safe.html
If you want more information about our product please email me off the list.
Thanks,
Al Sutton
Argosy TelCrest
www.argosytelcrest.com
-----Original Message-----
From: kathy.kirk@prudential.com [mailto:kathy.kirk@prudential.com]
Sent: 05 January 2006 21:50
To: security-management@securityfocus.com
Subject: Service Account Pswd Mgt
I've been asked how managing service accounts works in other organizations.
What is your policy for changing Service Account passwords? Is it based on
an event (e.g., administrator leaves the company) and or a time requirement
(e.g., every 90 days). If your organization does change Service Account
passwords, is it consistent across the organization? How do you enforce your
policy?
By Service Account, I'm referring to system IDs used to perform backups,
automate FTPs, run applications, jobs, scripts, etc.
thanks,
kathy
--
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.14/222 - Release Date: 05/01/2006
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.371 / Virus Database: 267.14.14/222 - Release Date: 05/01/2006
