Password Management Solutions for Collaborative Environment



Masaryk University, Faculty of Informatics

Bachelor Thesis

Password Management Solutions for Collaborative Environment

Klára Pavelková

Brno, Spring 2014

Declaration

Hereby I declare that this paper is my original authorial work, which I have worked out on my own. All sources, references and literature used or excerpted during the elaboration of this work are properly cited and listed in complete reference to the due source.

Advisor: Mgr. Pavel Tuček

Acknowledgement

I would like to express my deepest gratitude to my advisor Mgr. Pavel Tuček for his continuous support and strong encouragement throughout this project. Despite the fact that it was necessary to overcome several obstacles, he was the person who kindly motivated me to achieve the completion. In addition, without his patient assistance I would not have been able to perform so many lengthy business calls, which were completely new for me. A special thanks goes to my colleagues Mgr. Luděk Finstrle and RNDr. Marek Kumpošt, Ph.D., who found time to help me with formulating the initial list of requirements, without which the project could not have begun. Last but not least I would like to thank my sister Radka for precious language advice and my beloved Tom, who had a lot of patience with me during the toughest times of this project.

Abstract

The theoretical part of the thesis analyzes the motivation for deploying password management software in the infrastructure of an organization and the security aspects of both cloud-based and on-premises software. In the practical part a survey of enterprise password managers is carried out, suitable products are selected and a proof of concept is implemented. Based on the results, a recommendation of a particular product is offered.

Key Words: Password Manager, Cloud-based, On-premises, Security, Proof of Concept

Table of Contents

1 Introduction
2 Password Management Software
  2.1 Passwords and Their Ancient Records
  2.2 Passwords in Context of Access Control
  2.3 Identification, Authentication, Authorization and Accountability
  2.4 Motivation for Deploying Password Management Software
  2.5 Pros and Cons of Password Management Software
3 Security
  3.1 Cloud Computing and Information Security
  3.2 Cloud-based Password Management Software
  3.3 On-premises Password Management Software
4 Optimal Features
5 Enterprise-Requested Features
  5.1 Essential Requirements
  5.2 Optional Requirements
6 Survey of Enterprise Password Management Software on the Market
  6.1 Cloud-based Software
  6.2 On-premises Software
  6.3 Availability of Trial Versions
  6.4 Rejected Software for the Proof of Concept Purposes
    6.4.1 Rejected Because of No Trial Version Availability
    6.4.2 Rejected Because of Not Meeting the Enterprise Requirements
  6.5 Software Selected for Testing
7 Proof of Concept
  7.1 Test Environment
  7.2 Password Manager Pro
    7.2.1 Requirements, Installation and Configuration
    7.2.2 Resource and Password Management
    7.2.3 Backup of Database
  7.3 Secret Server
    7.3.1 Requirements, Installation and Configuration
    7.3.2 Resource and Password Management
    7.3.3 Backup of Database
  7.4 Enterprise Random Password Manager
    7.4.1 Requirements, Installation and Configuration
    7.4.2 Resource and Password Management
    7.4.3 Backup of Database
  7.5 Conclusion of Testing and Recommendation
8 Conclusion
Bibliography
Appendix
  Legal Issue

1 Introduction

Using a password for the purpose of authenticating to a certain service is a daily practice of a user. Together with the increasing number of various services which require authentication, the need to remember all the passwords is growing as well. This can result in a rather disturbing phenomenon: passwords are reused, or written down and stored in insecure places, which endangers the security of the user's confidential information stored within a service. In order to offer a solution to the problems connected with the usage of a large number of passwords, password management software is available on the market. There are various forms of such software: some are for personal purposes, whereas others are designed to store and protect shared privileged information within an organization. This thesis deals specifically with enterprise password management software, which is typically used by system administrators.

This thesis is divided into two major parts, theoretical and practical. In the theoretical part the password management software is introduced, a brief insight into the past of passwords is made, passwords are set in the context of access control, and an explanation of basic terms is included. An overall motivation of administrators for deploying and using such software and a section dedicated to its strengths and weaknesses follow. There are two approaches to password managers: cloud-based and on-premises. Each of them is discussed from the security point of view in the next chapter, together with a focus on the security aspects of cloud computing in general. The final section of the theoretical part briefly outlines what approach should be taken when searching for optimal password management software features.

The original output of the practical part of this thesis should have been a proposal of password management software for the purposes of NetSuite Inc., as there is a strong need for deploying such software in its global infrastructure. However, the motivation had to be slightly changed during the process because of legal-related problems that suddenly occurred. Therefore, the practical part deals with general aspects of available password managers instead of being related to NetSuite. The only exception is the first practical chapter, related to enterprise-requested features, because these features were initially consulted with participating specialists from NetSuite. The survey of software available on the market follows, a few products are selected and further analyzed. The end part of the last chapter summarizes practical experience from the deployment in a testing environment and outlines personal recommendations of the author based on the proof of concept results.

2 Enterprise Password Management Software

A password manager (further in the text as PM) is software used for storing various passwords and optionally other confidential data (e.g. PIN codes, credit card numbers, SSH keys [footnote 1], etc.) in an encrypted database. Such a database is stored either on the provider's servers or within the purchaser's infrastructure. It is protected by a master password and becomes accessible once that password has been provided. The PM helps to keep passwords up-to-date and well organized, and frees the user from the responsibility of remembering all of them. In general, there are two approaches to PMs: the first one is to use a PM for personal purposes, the second one is to deploy a shared PM within a company. This thesis deals exclusively with the second approach, enterprise password management software, whose main aim is to manage the shared privileged information of an organization.

In this chapter it is briefly explained what the role of passwords in ancient times was, in order to understand their importance within the history of mankind. The definition of passwords in the context of access control is given together with an explanation of basic terms associated with access control. The motivation for deploying a PM within a company is offered and its advantages and disadvantages are mentioned.

2.1 Passwords and Their Ancient Records

A password could be defined as a string which enables a user to enter some service or resource and perform specific operations within it. Each password has to be used strictly in combination with credentials which belong exclusively to the user. As passwords are so widely used across information systems, it is important to keep them secret and to constantly develop better techniques to protect their confidentiality for the purpose of protecting privileged data.

Footnote 1: [1] The SSH protocol supports the use of public/private key pairs in order to perform authentication based on public key cryptography.

In order to be aware of the importance of using passwords, keeping them strong and unbreakable and using them in a proper way, it could be helpful to find out their role in past times. As the following shows, the usage of a password in order to keep some secret confidential has a long history. It was reported that such an application of passwords was already used in Ancient Egypt. According to the Encyclopedia of Ancient Egypt [2], from which the following quotations are taken, a mortuary text called Am Duat was depicted on the walls of the tomb of the Egyptian king TUTHMOSIS III ( B.C.E.) in the VALLEY OF THE KINGS in THEBES. The purpose of this text was to instruct the deceased how to overcome the dangers of the afterlife, by enabling them to assume the form of several mythical creatures, and to give them passwords necessary for admittance to certain stages of the Underworld. The spells (i.e. magic words written on the walls) also allowed the deceased to proclaim themselves as bearing the identity of many gods. The passwords were meant to help the deceased, who would recite them in the afterlife.

As the above note shows, passwords have been inseparably connected with privileged information for ages. While in Ancient Egypt their potential was reported to be utilized after the king's death, in the 21st century they are an inevitable part of the everyday lives of prosperous nations. As the quote says, in order to reach the afterlife (which was the target), it was important to know the spells, and the passwords protected information locked in the tomb. This knowledge also allowed the deceased to change their identity according to current needs. In today's terms it could be compared to identification and authentication to a particular service that is somehow valuable for us, which is further explained in section 2.3. As confidential information has always been important for people, its importance is nowadays increasing even more due to the swift development of information technologies.

2.2 Passwords in Context of Access Control

Ross Anderson claims in his book Security Engineering [3] that passwords are still the foundation on which much of computer security rests, as they are the main mechanism used to authenticate human users to computer systems. In order to fully understand the meaning and purpose of passwords, it is important to explain some basic terms inseparably connected with them. The fundamental one, superior to the others, is the term access control, as passwords are typically used to access computer systems. The following explanations and definitions (as well as those in section 2.3) are taken from the CISSP (Certified Information Systems Security Professional) publication written by Shon Harris [4]. Access control is a broad term that covers several different types of mechanisms that enforce access control features on computer systems, networks and information. In connection with this definition he also explains access control features as a set of security elements which moderate how systems and users interact and communicate with other systems and resources. Such features protect the systems and resources from unauthorized access (...). In terms of password management software these security features are essential in order to protect the confidential information stored within the software.

Before proceeding to the definitions of other terms connected with access control, it could be helpful to clarify the term access itself, again in the words of Harris: Access is the flow of information between a subject and an object. A subject is an active entity that requests access to an object or the data within an object. A subject can be a user, program, or process that accesses an object to accomplish a task. (...) An object is a passive entity that contains information or needed functionality. An object can be a computer, database, file, computer program, directory or field contained in a table within a database. All the above mentioned terms (access, access control, subject and object) will be explained and dealt with in the following parts of this thesis.

2.3 Identification, Authentication, Authorization and Accountability

The following descriptions are taken from the publication of Harris [4]. A user cannot access any resource if he does not prove that he is who he claims to be, does not have the required credentials to enter the resource, and does not have the necessary privileges or rights to perform the requested actions. Conversely, once the user fulfils all of these necessities, he can access and use the resource. The requirements which a user must complete on his way to accessing the resource are divided into three different steps.

Identification. Identification describes a method of ensuring that a subject (a user, program or process) is the entity it claims to be. A user name or an account number could serve as the proof.

Authentication. In order to be properly authenticated, the subject must provide another piece of credentials, which could be a password, pass phrase, PIN, cryptographic key, some anatomical characteristic or a token (something the user exclusively owns). These two credential items are compared to information that has been previously stored for this subject. If these credentials match the stored information, the subject is authenticated. More information about authentication is given in sections 5.1 and 5.2 in the context of requested features of PMs.

Authorization. Once the subject is identified and provides its credentials, the system needs to check whether this subject has been given the particular privileges and rights to perform the requested actions. For that purpose it uses an access control matrix (for the definition see section 5.1, Essential Requirements). If the system determines that the subject is allowed to access the resource, the subject is authorized.

All the mentioned steps must be performed in order to allow a subject to access an object. Nevertheless, there is another significant attribute which must hold while a subject acts within an object: accountability. The subject has to be accountable for every action it takes within a system or a resource. The only way to ensure accountability is if the subject is uniquely identified and the subject's actions are recorded. Such recording could be done, for instance, within a PM system by its own auditing functionality, which is discussed in section 5.1 as one of the core features of a PM.
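The four steps above, run in the order Harris describes, as an added example in Go (constructed for this section; it is not code from the thesis or from any product it discusses). A Store holds accounts for identification and authentication, one ACL per object for authorization (the per-object (subject, rights) pairs that requirement 1 in section 5.1 later describes, so the same block illustrates that requirement), and an append-only audit log for accountability, so a refused request is logged under the claimed identity just like an allowed one. The type and function names, the sample account and the object name "db-prod/root" are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"time"
)

// One error per step, so the caller can tell at which step a request was refused.
var (
	ErrUnknownSubject = errors.New("identification failed: unknown subject")
	ErrBadCredentials = errors.New("authentication failed: credentials do not match")
	ErrNotAuthorized  = errors.New("authorization failed: right not granted")
)

// ACLEntry is one (subject, rights) pair; an object's ACL is the column of the
// access control matrix belonging to that object, stored with the object.
type ACLEntry struct {
	Subject string
	Rights  map[string]bool
}

// AuditRecord is one accountability entry; refused requests are logged too.
type AuditRecord struct {
	When                    time.Time
	Subject, Action, Object string
	Allowed                 bool
}

// Store is a constructed toy resource store, not any product's code.
type Store struct {
	accounts map[string][]byte     // name -> 16-byte salt || SHA-256(salt || password)
	acl      map[string][]ACLEntry // object -> its ACL
	Audit    []AuditRecord         // append-only, oldest first
}

func NewStore() *Store {
	return &Store{accounts: map[string][]byte{}, acl: map[string][]ACLEntry{}}
}

func saltedHash(salt []byte, password string) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return h[:]
}

// AddUser registers a subject. A real PM should replace the single SHA-256
// round with a deliberately slow KDF (PBKDF2, scrypt or Argon2).
func (s *Store) AddUser(name, password string) error {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return err
	}
	s.accounts[name] = append(salt, saltedHash(salt, password)...)
	return nil
}

// Grant appends a (subject, rights) pair to the object's ACL.
func (s *Store) Grant(object, subject string, rights ...string) {
	e := ACLEntry{Subject: subject, Rights: map[string]bool{}}
	for _, r := range rights {
		e.Rights[r] = true
	}
	s.acl[object] = append(s.acl[object], e)
}

// Access runs the three steps in order and writes exactly one audit record.
func (s *Store) Access(name, password, object, right string) error {
	// Identification: the subject claims an identity (its user name).
	rec, ok := s.accounts[name]
	if !ok {
		return s.record(name, right, object, ErrUnknownSubject)
	}
	// Authentication: the second credential must match the stored one; constant-time compare.
	if subtle.ConstantTimeCompare(saltedHash(rec[:16], password), rec[16:]) != 1 {
		return s.record(name, right, object, ErrBadCredentials)
	}
	// Authorization: the object's ACL must pair this subject with this right.
	for _, e := range s.acl[object] {
		if e.Subject == name && e.Rights[right] {
			return s.record(name, right, object, nil)
		}
	}
	return s.record(name, right, object, ErrNotAuthorized)
}

// record is the accountability step: log the (authenticated or merely claimed) identity and outcome.
func (s *Store) record(subject, action, object string, outcome error) error {
	s.Audit = append(s.Audit, AuditRecord{time.Now(), subject, action, object, outcome == nil})
	return outcome
}

func main() {
	s := NewStore()
	_ = s.AddUser("alice", "correct horse battery staple") // constructed sample account
	s.Grant("db-prod/root", "alice", "read")
	fmt.Println(s.Access("alice", "correct horse battery staple", "db-prod/root", "read"))  // <nil>
	fmt.Println(s.Access("alice", "correct horse battery staple", "db-prod/root", "write")) // authorization failed
	fmt.Println(s.Access("mallory", "guess", "db-prod/root", "read"))                      // identification failed
}
```

The order matters: a request refused at authentication never reaches the ACL, and the audit record says which step refused it, which is the detail an investigator needs when reviewing the trail afterwards.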

2.4 Motivation for Deploying Password Management Software

Passwords are confidential information protecting sensitive data, information systems and networks, and therefore they are also exposed to both external and internal threats. A significant number of different passwords is used every day by employees and system administrators. This thesis deals exclusively with the usage of PMs by enterprise system administrators. There is a simple reason for that: undoubtedly, employees use a large number of passwords during their everyday work, but administrators need to keep incomparably more passwords than ordinary employees in order to access and manage various service accounts. Passwords have to be well-organized and quickly accessible, so deploying a PM would be beneficial for the purposes of administrators. Unfortunately, it is typically privileged administrator accounts which are targeted by attacks. According to the 2014 Data Breach Investigations Report [5], during 2013 8% of all breaches and 18% of all incidents were attributed to insider misuse, which makes insider misuse the 5th most frequent cause of breaches and the 3rd most frequent cause of incidents out of 10 groups in total, as seen in the figure below.

Figure 2.4.1: Frequency of incident classification patterns [13]. The first graph represents 2013 breaches, the second one 2013 incidents.

As further statistics show, 88% of all insider misuse is privilege abuse, as seen in the figure below. This high number is commented on in the report in the following words: Not unexpectedly, privilege abuse, taking advantage of the system access privileges granted by an employer and using them to commit nefarious acts, tops the list. We realize that encompasses a very broad range of activities, but the overall theme and lesson differ little: most insider misuse occurs within the boundaries of trust necessary to perform normal duties. That's what makes it so difficult to prevent. These statistics and quotes prove that, in general, there is not a sufficient level of password management within companies and that privileged accounts should be protected better than they are at present.

Figure 2.4.1: Top 10 threat action varieties within Insider Misuse [5].

The PM could also help to guarantee the continuity of stored passwords. A typical phenomenon of employment is that people leave from time to time and new employees come to replace them. In such cases passwords can represent serious problems. Those used by previous employees have to be changed completely in order to keep internal data safe. It could be helpful to use an auditable password store, so that it would be easy to find out which ones need a change. Ideally, the stored passwords could be refreshed automatically. Such functionality of a PM could improve the security of customers.

2.5 Pros and Cons of Password Management Software

As everything has its arguments pro and con, so has a PM. Before proceeding to the complications which such software could bring, I would like to present its advantages. Among the most significant ones is the need to remember and protect just one master password to gain access to the PM. The others are stored in a database, typically in an encrypted form, and used by the software itself. Administrators could appreciate having one centralized repository where passwords for service accounts would be securely stored and operations with them would be restricted by predefined security policies. Cloud-based PMs could be accessible from various computer devices and thus enable administrators to react swiftly, e.g. in an emergency. Administrators could also welcome various additional features which could help them in their role of managing service accounts, e.g. auditing and reports, remote login and password reset, automatic login to target systems and applications, or disaster recovery.

PMs might also have some weaknesses which could make them less trustworthy, and it is always recommended to search for potential vulnerabilities within those systems, research the companies behind the products and consider evaluations by security experts rather than simply trusting vendors. A complex disadvantage is that companies rely on a third party while using a PM. Once the security of the provider is somehow compromised, it makes the data of its clients insecure as well. Therefore it is important to know how these systems save the data, because all the passwords are in one place and covered just by the master password, which therefore has to be extra protected, strong and changed regularly. The master password itself could be a disadvantage as well. Typically, it cannot be recovered, and compromising it could lead to a leak of the stored data, which could be destructive for the entity using such a PM. Another challenging area is making a backup of the stored data. In general, managing the PM's backups requires at least the same level of security as managing the original data itself.

3 Security

In this chapter the security aspects of cloud computing in general are outlined in order to identify the questions which need to be addressed when considering a cloud-based application deployment. Further, the main differences between cloud-based and on-premises software are listed, together with the advantages of each approach and its security-related problems. It is not possible to determine and prove that one approach is better than the other. In both cases there are several arguments for and against. The point is that before deciding to prefer one of them over the other, it is necessary to take into account various factors that differ between the two conceptions, e.g. IT infrastructure, initial software and support investment, or implementation time. In any case, it is necessary for the service, whether it is outsourced or running on-premises, to meet the security standards of the purchaser. Afterwards, when the facts are weighed, it can be decided which approach would better suit the specific needs of the purchasing company.

3.1 Cloud Computing and Information Security

Cloud computing is a topical issue. The following definition is taken from the Communications of the ACM (Association for Computing Machinery) magazine [6]. Cloud computing refers to both the applications delivered as services over the Internet and the hardware and systems software in the data centres that provide those services. (...) The data centre hardware and software is what we will call a cloud. There are many different ways to describe cloud computing. Bruce Schneier put it in other words [7]: Also called software as a service (SaaS), cloud computing is when you run software over the internet and access it via a browser. (...) Computing has become more of a utility; users are more concerned with results than technical details, so the tech fades into the background.

There are many new aspects which cloud computing has brought to the field of information technology. Some of them are outlined in the magazine of the ACM [6], e.g. infinite computing resources which are now available on demand. This is an advantage because cloud computing users do not need to plan far ahead for provisioning. Companies can increase hardware resources only when there is an increase in their needs, which gives them more flexibility. In addition, outsourcing companies employ their own professionals in the matter. It could be advantageous for companies to make use of those outsourced specialists rather than to employ their own. The last but not least advantage is that cloud computing enables users to pay for the computing resources they use on a short-term basis, again according to their needs. As an example I can mention processors paid by the hour and storage paid by the day. This could lead to e.g. noticeable infrastructure and power savings for the deploying company.

On the other hand, there is a security issue. As Schneier expressed [7], IT security is mainly about trust. He claims that there is no other way than to trust hardware, operating system and software vendors, CPU manufacturers and Internet service providers. Any one of these can undermine your security: crash your systems, corrupt data, allow an attacker to get access to systems. Cloud computing is not an exception. It moves the trust boundary one step further, because now there is also a need to trust software vendors. Once a company wants to utilize some service which is offered by another, outsourced company, it is necessary to provide it with the first party's own data. In any case, whether the service is free of charge or paid, there is a strong need to trust the provider, whereas the purchaser must be aware that there is a lack of full control over the data and processes. It is apparent that the future of computing is in outsourcing, therefore it is good to stress that it is not just the security of an outsourcer that matters, but also its reliability, availability and continuity. According to Schneier's note it is even worse that data stored online has less privacy protection both in practice and under the law. While stored secrets are moving towards the cloud, it seems that strong passwords protecting them are the only things to rely on.

3.2 Cloud-based Password Management Software

As cloud-based PMs are examples of outsourced services, they have the same advantages and security problems for the companies which deploy them as those described in the previous section. As providers of PMs have their own experts, it could be more cost-effective to make use of them than to hire new ones. The providers have their own computing resources as well as their own terms of payment. Some examples of licensing are managing a fixed number of systems per year or licensing a specific number of system administrators per year. Some of them have support fees included, whereas others demand separate payment.

From the security point of view, reliability must be the fundamental feature which such services guarantee, as they are used for managing privileged information stored in the cloud. It is essential for the provider to supply a transparent system with clear documentation, prove its dependability and offer adequate support. The goal is to gain a complete overview of each PM's security features in order to understand how it works and where a potential problem might occur. E.g. privileged data is stored on the provider's servers, therefore the conditions of storing must comply with the security standards of the purchasing company. Such services are accessible through a web browser, so the connection must be encrypted: all the data has to be sent over the Internet via the HTTPS protocol. For more references about HTTPS it is recommended to follow the Request for Comments document regarding HTTP over TLS [8].

As with any cloud-based service, there are some risks that could be faced, therefore maximum effort to avoid them should be made. Some of them are depicted by Schneier [7] and helpful recommendations are available on the Cloud Computing Channel of the InfoWorld web page [9]. One of the risks is the provider's bankruptcy. This could lead to entire data loss, which is unacceptable for the stored passwords. Therefore it is recommended to run a health check before signing on with a PM provider, such as checking its revenue, profitability or number of customers and their feedback. It could as well pay off to back up the data stored in the cloud, as the only way to reach it is through the vendor's own APIs (more information about APIs is given in section 5.2). Therefore PM providers should offer a backup of the stored information, but obviously in an encrypted form. Another potential risk is that the provider could be sold to another company. Data loss or an unwanted transfer should be prevented in advance in the terms and conditions of the service. The same applies to e.g. a sudden rapid increase in pricing or blocking of the data.

The worst case of all could be that the provider experiences some kind of attack, either internal or external. The data loss and breach threat for the purchasing company could be devastating. There is no general advice on that, other than to check the provider's reliability. As is written in the Cloud Computing Channel, The best bet is to keep an eye on your vendor's balance sheet and to keep your local backups current.

3.3 On-premises Password Management Software

On-premises software is also known as shrink wrap. The following definition is taken from a dictionary [10]: On-premises software is a type of software delivery model that is installed and operated from a customer's in-house server and computing infrastructure. It utilizes an organization's native computing resources and requires only a licensed or purchased copy of software from an independent software vendor. It could be considered the opposite of the cloud-based software described above. This model transfers the overall responsibility to the customer, which includes the security, availability and management of the software. This kind of software requires in-house server hardware and IT support, investment in licenses (in the case of open source software there are licenses as well, but they are not charged for) and perhaps also a longer period of integration, because the necessary skill-set for managing such software must first be gained. Therefore it could demand a larger investment and longer deployment time than cloud-based services. Nevertheless, it could pay off because the purchasing company does not have to rely on the vendor from the security point of view. There are many advantages to this fact: purchasers have full control over the system, data and processes, and privileged information is stored internally, which avoids the potential problems described in connection with cloud-based software. On the other hand, it is necessary to gain information about all the features of on-premises PMs. For instance, such software could send some routine statistics about its usage back to the provider; it must be known exactly which data is transmitted, how it is stored and potentially how this feature could be disabled. There is also a general difference between cloud and on-premises data stores: a PM running on internal infrastructure would be accessible even without an Internet connection, whereas a cloud-based one would not. This could be an advantage in case of connection loss.

4 Optimal Features

There is a wide range of software designed to store and protect privileged shared information available on the market. As with any other software, it can sometimes be quite difficult to choose the most appropriate one. Therefore, ahead of making any choice, it is reasonable to consider the functionality which should be offered by an optimal password management software. As is described in the following chapter, there is a long list of features which PM software could have. Some of them are fundamental, whereas others are additional or less important from the overall functionality point of view. Nevertheless, the additional ones could also make the work of an administrator considerably easier. Therefore a particular PM could be regarded as optimal software in case it offers both the essential and the optional features which are listed in the next chapter.

5 Enterprise-Requested Features

The first necessary task of the practical part of this project was to create a list of requirements which the PM should fulfil. In order to propose software that would exactly meet the requirements of an enterprise company, it was necessary to consult them with an IT and Security department, in this case with those of NetSuite Inc. The requirements were divided into two groups according to their importance: essential and optional. This chapter lists the requirements belonging to each of the groups together with their definitions and explanations of their importance within an enterprise.

5.1 Essential Requirements

The system had to meet certain criteria in order to be eligible for further testing. The criteria were given by the following list of features, which were initially consulted with IT and Security specialists of NetSuite Inc.

1. ACL (Access Control List) management for each entry. The following description of ACLs is taken from Matt Bishop's publication dealing with computer security [11]. An obvious variant of the access control matrix is to store each column with the object it represents. Thus, each object has associated with it a set of pairs, with each pair containing a subject and a set of rights. The named subject can access the associated object using any of those rights.

2. AD (Active Directory) integration. As described in the publication Active Directory [12]: Active Directory (AD) is Microsoft's network operating system (NOS). (...) Active Directory enables administrators to manage enterprise-wide information efficiently from a central repository that can be globally distributed. The structure of the stored information can simply be matched to the organizational structure of a company. In order to benefit fully from the functionality of a PM, it is essential to integrate it with the AD which is already being used. Specifically, already existing users, groups and their authorization rights might be integrated. It would also be valuable to have the possibility of linking the password policy to passwords stored within the AD.

3. Audit. In order to clearly analyze which actions took place within a system and who performed them [11], it is effective to require auditing as one of its core functionalities. Specifically, in the case of a PM it is important to have password retrieval and entry manipulation auditable, so that it is easily detectable who operated within the system and when. For more reference it is recommended to follow the book Audit informačního systému (Information System Audit) [13].

4. Categories. In order to maintain a clear arrangement of stored information, it would be useful to require functionality which enables sorting it into particular categories. For that purpose e.g. tags, fields or windows containing a description or metadata would be helpful.

5. Search. This feature is closely connected with the previous one, Categories. Once there is a possibility to sort the stored information, it would be easy to search within it as well. That would contribute a lot to maintaining a good overview of the stored information and help to keep it well organized.

6. Toggle show of passwords. Within a PM, passwords should be hidden by default or replaced by special characters, e.g. asterisks. Such a feature would help to increase the security of passwords by preventing unauthorized users from spotting them by chance.

7. Strong encryption. It is necessary for a password store to be well encrypted. The consultation with a Security department representative of NetSuite led to an agreement that it would be beneficial to require AES-level encryption of the password storage. AES (Advanced Encryption Standard) [3] [footnote 1] is a symmetric-key block cipher algorithm which acts on 128-bit blocks. This algorithm, also known as Rijndael, can use a cipher key of 128, 192 or 256 bits in length. As mentioned in the book Security Engineering: A Guide to Building Dependable Distributed Systems, Although there is no proof of security, whether in the sense of pseudorandomness, or in the weaker sense of an absence of shortcut attacks, there is now a high level of confidence that Rijndael is secure for all practical purposes.

8. SSL (Secure Sockets Layer) protocol on the interface. This protocol works at the transport layer and protects web-based traffic [4]. It is designed to provide privacy over the Internet between two entities which communicate with each other, the client and the server [15]. It is considered to be the most widely used protocol [3]. SSL was developed to support encryption and authentication in both directions, so that both HTTP requests and responses could be protected against both eavesdropping and manipulation. This feature could ensure privacy.

9. Database lockdown. The data store must not be accessible without a strong password, and particular access restrictions have to be applied. No remote connection should be allowed. These rules would prevent potential data leakage.

10. Master password. This is one of the common features of enterprise PM software. It could be described as a string of characters used in order to authenticate a user to some service. It is essential to maintain its confidentiality, since the master password's role is to enable access to the other functionality of the PM and to protect the other data stored within the application. Its role is to encrypt the database as well. It is usual that there is no way to recover a lost master password.

11. Auto logout. In terms of a web-based application, there should be an automatic logout function which would prevent unauthorized users from reaching the sensitive information stored.

12. RBAC (Role Based Access Control) support.

Footnote 1: An answer to the question Why do most people use 256-bit encryption instead of 128-bit? was given by Thomas Pornin, a cryptographer [14]: 256-bit key cracking through exhaustive search is totally out of reach of Mankind. And it takes quite a lot of wishful thinking to even envision a 128-bit key cracking. (...) To sum up: even if you use all the dollars in the World (including the dollars which do not exist, such as accumulated debts) and fry the whole planet in the process, you can barely do 1/1000th of an exhaustive key search on 128-bit keys. So this will not happen. And a 256-bit key search is about 340 billions of billions of billions of billions times harder than a 128-bit key search, so don't even think about it.
As described in Anderson s publication [3], this policy model provides a general framework for mandatory access control. Access decisions depend on functions which are currently performed by users within a company. Transactions that may be performed by holders of a given role are specified, then mechanisms for granting membership of a role (including delegation). ( ) It can deal with integrity issues as well as confidentiality, by allowing role membership (and thus access rights) to be revised when certain programs are invoked. It is expected that an enterprise 17

25 PM software should support this model. A possibility to set access rights according to various roles of employees within a company in order to keep its structure is essential. 13. Password sharing and expiration. While logging to 3 rd party site password sharing feature allows users to share one password in encrypted form, i.e. without any need to expose it. Password expiration feature provides assurance that passwords generated within a PM are up to date. 14. Break-glass administrator account. Break-glass is an additional feature of an access control model which enables the model to be more flexible in case of emergency or disaster and helps to prevent system stagnation as it enables an administrator to access the system. Such account could work as a backdoor to keep the system working in case of acute problems. 15. One-Time passwords (OTP). As introduced in the CISSP publication [4], OTP has its synonym a dynamic password just because it could be used for authentication purposes only once, because afterwards it is no longer valid. This type of authentication mechanism is used in environments that require a higher level of security than static passwords provide. An enterprise company is definitely this case of such environment. The following further description has been taken from the security-related web page [16]. OTP is a numeric or alphanumeric string of characters which is automatically generated. OTPs may replace authentication login information or may be used in addition to it, to add another layer of security. This is exactly the functionality required by involved parties. 5.2 Optional Requirements The following features were not compulsory for PMs available on the market. On the other hand, meeting them was considered by involved parties as advantageous. 1. Reports. This requirement is connected with Audit. Once a system has an auditing feature incorporated, it is favourable to have also an opportunity to report results of the audit e.g. 
password retrieval. Reporting would help administrators to retain access and operations overview. 18

26 2. Password search, history and age. This set of secondary features would help to organize passwords stored within a PM and enable an administrator to search within it quickly. It would be also beneficial to have a password age indicator which would inform a user that it is already necessary to change his passwords. Another option could be to set the software so that it would automatically demand changing stored passwords from a user. Advantages of these features would be clear arrangement of passwords, ability to search in history and presence. Primarily, the last named attribute could be considered one of the most important attributes from the security point of view. As Matt Bishop [11] points out: Guessing of passwords requires that access to the complement, the complementation functions, and the authentication functions be obtained. If none of these have changed by the time the password is guessed, then the attacker can use the password to access the system. 3. API (Application Programming Interface) integration. API [17] is a set of standards and instructions or methods. Using these methods a programmer can access a web-based software application or a web tool or simply to manage software applications. API integration could be helpful for PM maintenance. 4. Password policy. As is mentioned on the web page of the SANS Institute [18], a policy is typically a document that outlines specific requirements or rules that must be met. In the information/network security realm, policies are usually point-specific, covering a single area. Such definition could be used as well for explaining the term password policy. It is a document or a statement containing a set of rules assembled for the purpose of enhancing computer security within a company. Such rules are designed in order to encourage users to employ passwords which are strong and use them in a proper way. 
By following a particular password policy it is expected to reach a high level of information security and prevent system vulnerability. It would be considered as advantageous to have a chance to set up and enforce multiple password policies within the PM software it would support the flexibility of the system. 5. Password generator and strength meter. As obvious, PMs have a master password feature integrated as a common functionality (section 5.1). a PM administrator has to create with this password, but on the other hand there is no need to deal with all the other passwords stored within a database. For that case it would be very useful to have a password generator integrated together with its strength meter. The characteristics of the generator should be customizable by an administrator. 19

27 6. Block Sync and No Sync attribute. In case synchronization of data stored within PM is allowed, it is important to be assured that this feature could be blocked for those users that do not have access to such data. Selected passwords should be also marked as non-exportable, i.e. one-time passwords (section 5.1). These features would contribute to the protection of confidential information within the system, and passwords definitely belong among the most confidential items. 7. Database backup and synchronization. There should be a possibility to have the database containing stored data backed up. In case of a distributed storage of information the database should have synchronization feature integrated. This would be effective because stored data would be always up-to-date and saved for possible emergency case. 8. Two-factor authentication (TFA, T-FA or 2FA). A definition is given in a book which deals with an issue of securing ASP.NET Web API applications [19]. The author describes that in general, (...) there are three types of credentials through which a user can be authenticated: knowledge factor (what a user knows), ownership factor (what a user owns), and inherence factor (what a user is). When you have an authentication mechanism that leverages a combination of two of these factors, it is called two-factor authentication (...). The reason for requiring TFA is apparently the security of authentication. The web page (section 5.1) claims that despite the fact that there is a large number of vulnerabilities nowadays present in many TFA implementations, it is always better to use it when offered than not at all [20]. 9. notifications. PM could be set up so that it would send s to an administrator in case something within the information store changed. It could be e.g. a change of passwords, settings or access rights. 
This feature would contribute to keeping general knowledge of actions taken within the PM and to enabling flexible reactions to such changes if needed. 10. SIEM (Security Information and Event Management) systems integration. Shon Harris [4] mentions that these are nowadays very frequently implemented systems by various organizations. These products gather logs from various devices (servers, firewalls, routers, etc.) and attempt to correlate the log data and provide analysis capabilities. He as well points out that it is both mind-numbing and close to impossible to be successful in reviewing logs manually while looking for a suspicious activity. So many packets and network communication data sets 20

28 are passing along a network; humans cannot collect all the data in real or near to real time, analyse them, identify current attacks and react it is just too overwhelming. Another problem related to logs is that there are many different types of systems on a network and each one collects logs in a different proprietary format. Therefore a sort of centralization and standardization is needed. This problem could SIEM technology solve easily. According to Gartner [21], it provides: Security information management (SIM) log management and compliance reporting, analysis of log data Security event management (SEM) real-time monitoring, incident management for security-related events from networks, security devices, systems, and applications The main reasons to require SIEM systems integration within an enterprise company is to improve threat management as well as incident response capabilities. There is all together a larger number of advantages in using SIEM, such as user activity monitoring, application activity and data access monitoring or anomaly detection. All these features would be beneficial to have deployed within a large company. The reason is security again. Having a good overview about what happens within the system due to logs, reporting and detailed analysis together with monitoring as a part of SEM would help in defending a company against external (or either internal) threats. 21
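The following added example (not code from the thesis or from any product it surveys) models requirements 1, 3, 12 and 14 of section 5.1 together: each entry carries its own ACL of (subject, rights) pairs, users inherit rights through roles, every retrieval or update is written to an audit trail, and a hypothetical break-glass account bypasses the ACL but never the audit. Entry names, user names and the break-glass account name are constructed.

```python
"""Per-entry ACLs, roles, break-glass access and an audit trail for a shared
password store. Constructed illustration of requirements 1, 3, 12 and 14 of
section 5.1; it is not code from any of the products surveyed."""
from dataclasses import dataclass, field
from datetime import datetime, timezone

READ, WRITE = "read", "write"        # rights a subject may hold on an entry


@dataclass
class Entry:
    name: str
    secret: str
    # The ACL is stored with the object, as in Bishop's description: each
    # subject (a user name or a role name) maps to its set of rights.
    acl: dict = field(default_factory=dict)


@dataclass
class AuditRecord:
    when: datetime
    user: str
    action: str
    entry: str
    outcome: str        # "allowed" or "denied"
    note: str = ""


class PasswordStore:
    # Hypothetical emergency account: bypasses every ACL but is always audited.
    BREAK_GLASS = "breakglass-admin"

    def __init__(self):
        self.entries = {}
        self.roles = {}       # user -> set of role names (RBAC)
        self.audit = []       # append-only trail

    def add_entry(self, name, secret, acl):
        self.entries[name] = Entry(name, secret, {s: set(r) for s, r in acl.items()})

    def assign_role(self, user, role):
        self.roles.setdefault(user, set()).add(role)

    def _subjects(self, user):
        # A user acts as themself and as every role they currently hold.
        return {user} | self.roles.get(user, set())

    def _authorized(self, user, entry, right):
        if user == self.BREAK_GLASS:
            return True
        return any(right in entry.acl.get(s, ()) for s in self._subjects(user))

    def _record(self, user, action, name, allowed):
        note = "break-glass" if user == self.BREAK_GLASS else ""
        self.audit.append(AuditRecord(datetime.now(timezone.utc), user, action,
                                      name, "allowed" if allowed else "denied", note))

    def retrieve(self, user, name):
        """Return the secret if the user holds READ; every attempt is audited."""
        entry = self.entries[name]
        allowed = self._authorized(user, entry, READ)
        self._record(user, "retrieve", name, allowed)
        if not allowed:
            raise PermissionError(f"{user} may not read {name}")
        return entry.secret

    def update(self, user, name, new_secret):
        """Replace the secret if the user holds WRITE; audited like retrieve."""
        entry = self.entries[name]
        allowed = self._authorized(user, entry, WRITE)
        self._record(user, "update", name, allowed)
        if not allowed:
            raise PermissionError(f"{user} may not write {name}")
        entry.secret = new_secret

    def audit_for(self, name):
        return [r for r in self.audit if r.entry == name]


def demo():
    """Constructed scenario: a DBA role, a directly listed user, an outsider
    and the break-glass account all try to read the same entry."""
    store = PasswordStore()
    store.add_entry("prod-db", "s3cr3t", {"dba": {READ, WRITE}, "alice": {READ}})
    store.assign_role("bob", "dba")
    outcomes = []
    for user in ("bob", "alice", "carol", PasswordStore.BREAK_GLASS):
        try:
            store.retrieve(user, "prod-db")
            outcomes.append((user, "allowed"))
        except PermissionError:
            outcomes.append((user, "denied"))
    store.update("bob", "prod-db", "r0tated")     # the dba role carries WRITE
    return store, outcomes
```

The denied attempt by the outsider and the break-glass read both appear in the trail, which is what makes the emergency account reviewable rather than a silent backdoor.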
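The following added example (again not from the thesis or any surveyed product) illustrates items 2, 4 and 5 of section 5.2: several password policies side by side, a generator that only emits policy-compliant passwords, a simple entropy-based strength meter and a password age check. Policy names, thresholds and dates are constructed.

```python
"""Password policies, a policy-driven generator, a strength meter and a
password age check. Constructed illustration of items 2, 4 and 5 of
section 5.2; it is not code from any of the products surveyed."""
import math
import secrets
import string
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class PasswordPolicy:
    name: str
    min_length: int
    require_upper: bool = True
    require_lower: bool = True
    require_digit: bool = True
    require_symbol: bool = False
    max_age_days: int = 90      # drives the password age indicator

    def violations(self, pw):
        """List the rules a password breaks; an empty list means it complies."""
        checks = [
            (len(pw) >= self.min_length, f"shorter than {self.min_length} characters"),
            (not self.require_upper or any(c.isupper() for c in pw), "no upper-case letter"),
            (not self.require_lower or any(c.islower() for c in pw), "no lower-case letter"),
            (not self.require_digit or any(c.isdigit() for c in pw), "no digit"),
            (not self.require_symbol or any(c in string.punctuation for c in pw), "no symbol"),
        ]
        return [msg for ok, msg in checks if not ok]

    def complies(self, pw):
        return not self.violations(pw)

    def is_expired(self, age_days):
        """Age indicator: True once the password is older than max_age_days."""
        return age_days > self.max_age_days


# Several policies coexist and can be bound to different classes of entries
# (constructed names and thresholds).
POLICIES = {
    "standard": PasswordPolicy("standard", min_length=12),
    "privileged": PasswordPolicy("privileged", min_length=20,
                                 require_symbol=True, max_age_days=30),
}


def generate(policy, length=None):
    """Draw a password from a CSPRNG that satisfies the given policy.
    Rejection sampling: draw uniformly from the allowed alphabet and keep the
    first compliant candidate, so the result is uniform over compliant strings."""
    alphabet = string.ascii_letters + string.digits
    if policy.require_symbol:
        alphabet += string.punctuation
    # A requested length below the minimum could never comply, so clamp it.
    length = max(length or policy.min_length, policy.min_length)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if policy.complies(candidate):
            return candidate


def entropy_bits(pw):
    """Crude strength meter: bits of a uniform draw over the character classes
    present. It overrates dictionary words, so it is only an indicator."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0


def strength_label(pw):
    """Map the entropy estimate to a label (constructed thresholds)."""
    bits = entropy_bits(pw)
    if bits < 28:
        return "weak"
    if bits < 50:
        return "fair"
    if bits < 80:
        return "strong"
    return "very strong"


def age_report(policy, set_on_iso, today_iso):
    """Days since the password was set, and whether the policy deems it expired."""
    age = (date.fromisoformat(today_iso) - date.fromisoformat(set_on_iso)).days
    return age, policy.is_expired(age)
```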

6 Survey of Enterprise Password Management Software on the Market

Another stage of this project was dedicated to searching for various PMs across the market and accumulating available information about each of them. Individual PMs are based on almost comparable core features, but differ in additional features, licensing and purchase conditions. After the market research, the set of offered features was compared to the already given list of requirements (chapter 5), and those managers which met the requirements were recommended for the Proof of Concept (chapter 7). Initially, PMs are divided again, as in chapter 3, into two main groups according to their deployment. In the first group there are the outsourced ones, cloud-based PMs, and those running on-premises fall into the second group. An important part of this chapter are two tables included at the end of section 6.3. The tables contain all the PMs taken into account together with the list of requested features. They show how each of the PMs fulfils the essential and the optional features. Those cells that are left empty mean that it was not possible to extract information about the particular feature from the PM's web page or from its documentation (if available).

6.1 Cloud-based Software

The two following managers are outsourced cloud-based services. They are both commercial software.

1. LastPass Enterprise - LastPass Corporate [22]. This PM claims to combine robust password vaulting with cloud single sign-on capabilities. It comes with a separate management console. It also includes a Web client where an administrator can view the contents of the vault. As one of the exceptional PMs, LastPass can run on Windows, Linux and Mac OS on the host side.

2. Passpack - Passpack Inc. [23]. The authors of this PM claim that collaboration is its core function. Therefore it is designed so that it can be used either by single users or by larger IT departments. In the second case, Passpack would serve as a shared central password repository available for both small and large companies. This is one example of software which is flexible thanks to its cloud basis. Passpack works with the latest versions of Google Chrome, Opera, Firefox, Safari and Internet Explorer 7+. Pricing is set as follows: a regular fee per month, together with another five conditions, which are the number of passwords stored, the number of shared users, groups, note size and disposable logins.

6.2 On-premises Software

All of the following PMs are commercial products except one of them, WebPasswordSafe, which is open-source software.

1. Secret Server - Thycotic Inc. [24]. Secret Server is a web-based PM available in two editions, Enterprise and Enterprise Plus, the latter offering additional features. Its design is based on a web application built on an ASP.NET website (ASP.NET is a free web framework that is used for building web sites, services and applications [25]) and an integration with Microsoft SQL Server (MS SQL Server [26] is a database system running on Structured Query Language [27]), which works as the database back end. This PM has noticeably extensive functionality, and licensing is set per named user with support included.

2. PowerBroker Password Safe - BeyondTrust Inc. [28]. The provider introduces this PM as an automated password and session manager which offers access control and auditing for privileged accounts and local administrative accounts. One of its key features is also complete support for operating systems, accounts, applications and devices, plus a custom connector builder for all systems that support Telnet or SSH connections.

3. Password Manager Pro - ManageEngine (Zoho Corporation Pvt. Ltd.) [29]. Password Manager Pro is a centralized password vault offered in a compact web-based package. In contrast with other PM systems, this one can run on both Windows and Linux on the host side. In addition, it is also available as a free edition, which allows having 1 administrator and managing up to 10 resources with unlimited validity. Licensing of the other registered versions is based on the number of administrators and the type of edition. One of the options is the Standard Edition, the other is the Premium Edition, which offers extra features such as remote password synchronization or reports.

4. Enterprise Password Vault (EPV) - Cyber-Ark Software, Ltd. [30]. EPV is a part of Cyber-Ark's Privileged Account Security Solution [31]. The provider claims it helps to secure, manage and track the usage of privileged credentials both ways, on-premises and in the cloud. The product is built on the Cyber-Ark Shared Technology Platform [32], which allows customers to deploy a single infrastructure and expand the solution to meet expanding business requirements. Cyber-Ark has a different approach than other companies: every request for either more information or purchase options must be made via their partners. There is a contact list of those partners on the company's web page.

5. Enterprise Random Password Manager (ERPM) - Lieberman Software Corp. [33]. Lieberman Software's main idea is to strengthen privileged accounts and shared administrative access to local servers, both Windows and Linux. In addition to Windows and Linux service accounts, ERPM can handle passwords on various other service accounts, e.g. IIS accounts (IIS (Internet Information Services) for Windows Server is a Web server for hosting tasks on the Web [34]), SQL Server and Oracle database accounts (Oracle database is an object-relational database management system [35]) etc., on both physical and virtual servers. Lieberman Software does not insist on AES-256-level encryption, but offers AES-128 as well.
