I was in a meeting with a customer yesterday and I was empathising with the IT manager as to his current SysAdmin nightmares. Unfortunately, I can’t stop all his issues and pains but I can help him having to report back to his bosses about his password policy.
When his team implemented the users’ password policy they made a few changes in Active Directory and everyone had to use change their password every 30 days, use complex passwords, not reuse old passwords etc. and it was all pretty straightforward. But last week his boss asked him, “what about all our network stuff, especially our security appliances. What are we doing about the passwords on them…? ” he was now worried. So far the users were covered but he hadn’t thought about his security appliances. So we set about writing a wish list of what he did want on his security appliances… personalised accounts for all admins (so he knows who’s done what), token-based strong authentication (so no-one can share passwords or brute force the logins) and above all else a central place to manage all this different kit. “Well…” I said to him, “Let me explain Osirium to you…”