SlideShare une entreprise Scribd logo

Self-service Password Management

Netwrix Corporation
Netwrix Corporation

Password practices that improve security are by their nature burdensome to the user. Industry analysts find that 30% of all IT help desk calls are about password issues, at a cost averaging $30 to $60 per call. The solution that has evolved for this problem is called the Self-service Password Reset. The white paper below describes the common benefits and must-have features of the self-service password management solutions available on the market today.

Technologie
1  sur  7
Télécharger pour lire hors ligne
White paper: Self-Service Password Management written by NetWrix Corporation
© Copyright NetWrix Corporation 2008. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of NetWrix Corporation. WARRANTY The information contained in this document is subject to change without notice. NetWrix Corporation makes no warranty of any kind with respect to this information. NETWRIX SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NetWrix Corporation shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information. TRADEMARKS All trademarks and registered trademarks used in this guide are property of their respective owners. Web: http://www.netwrix.com Phone: +1.888.NETWRIX (888.638.9749) Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 2 White paper: Self-Service Password Management
SELF-SERVICE PASSWORD MANAGEMENT: The Cost-Effective Option So Many Passwords, So Little Time... In today's complex IT environments, users typically have multiple passwords to manage for a variety of applications or access levels. Eighty percent of all users have 3 or more passwords to manage, but many more are possible depending on their system access needs (Safenet 2004). Users end up jotting passwords on note paper, thus threatening the security of the system, or they simplifying life by reusing passwords or choosing weak ones where the system permits, even though these are unsafe security practices. Meanwhile, security-minded IT organizations often implement strong password measures which inadvertently add to the burden, requiring users to recall complex formulations and change them frequently. Compliance with auditing and regulatory requirements, such as Sarbanes-Oxley and HIPAA, further tighten the password security net and in turn, further confound the user. Quite simply, password practices that improve security are by their nature burdensome to the user, resulting in passwords difficult to remember which are often changed about the same time they have finally become memorized. Yet password security remains a cornerstone of system security: as much as 80% of security breaches take place not through arcane hacking and virus attacks, but through system infiltration facilitated by use of a password. It remains in the best interests of the organization to have strict password requirements that mitigate against system access by hostile parties. These are also the kinds of passwords best designed, it seems, to be forgotten by busy and distracted users. Given this environment, it is no surprise that industry analysts find that 30% of all help desk calls across the industry are about password issues, at a cost averaging $30 to $60 per call. This support cost when multiplied across an organization can be huge. While necessary to system security, troubleshooting passwords is a large time sink for system administrators or help desk staff. This low-level, repetitive activity siphons valuable support resources away from higher- priority or more productive tasks. Self-Service Reset Utilities The solution that has evolved for this problem is the self-service password reset utility. At their simplest, products of this sort enable the user to reset a password or clear an account lockout independently of the help desk, typically through a browser-based portal. Some versions of this product require that users first find a browser to use, which they are unable to do at their desktop, because they cannot log into their system and gain access to their own browser. A common solution to this problem is for the user to access a special kiosk system installed nearby in the workplace, or to interrupt a colleague for a few minutes to use his or her computer for a few minutes. The better designed reset utilities are activated by a link from the user's logon prompt, so the individual can proceed with their troubleshooting from their own desk. Self-service reset 3 White paper: Self-Service Password Management
products rst validate the user as someone authorized for access to the system. Then the user is walked through a password change dialog that instantly resets their password and unlocks their account if needed without further intervention from the help desk. User Validation Most reset products validate the user via a data match from a prole previously set up by the user. Typically, the user will have answered multiple personal questions such as favorite pet's name or rst street lived on, and one or more of these questions are presented to the user by the reset utility. To guard against unauthorized access attempts, the more exible reset systems can be set to lock out someone repeatedly entering incorrect answers to these validation questions. The questions are generally pre-selected by the system administrator who set up the reset product, although some allow the user himself to choose what questions he prefers to answer. To load a prole database with user information, an IT department usually introduces the self- service solution to end users with an email and one-click links to the process. Yet no matter how many admin emails are sent out, some portion of users will fail to set up a password profile if it is a voluntary process. This issue can be avoided with profile preloading, in which an organization may load the profile database with HR data such as SSNs or mothers' maiden names. In this manner, users will have their profiles already established even if they have never used the system before. Another way around this user roadblock is to employ enforced enrollment: some reset products can be set up to require all users to establish their verification profiles during an initial logon. Less commonly, some systems require telephone voice verification, or offer biometric validation of the user's identity. Approaches such as biometrics offer an extraordinary degree of security in certain settings, such as, for example, where access to sensitive R&D work or business intelligence is guarded. The trade-off for that degree of security is the additional expense of the biometrics system, and the additional administrative burden of mapping biometrics for a changing user base. This may be worthwhile in some relatively static places of employment, but in settings such as educational institutions or the shifting population base of e-business, biometrics are as yet an impractical tool to use with a remote or changing user population. Validation data must be stored somewhere, and some solutions utilize Active Directory for this, either with or without schema extension. However, this is not a recommended practice for data integrity, since AD is not designed to be a catch-all space to load proprietary data from different vendors. Better-designed products store sensitive data in secure local storage and never touch Active Director or alter schema. The Reset Process Once the user is validated, a dialog prompts for the creation of a new password. This password is checked against password construction rules that have been established by IT management. Parameters such as necessary alphanumeric combinations, length, and whether or not the word 4 White paper: Self-Service Password Management
has been used within a past timeframe are checked. When a valid password has been created that conforms to system requirements, the utility automates the reset process within the network operating system, eliminating the need for the hands-on administration that is a multi-step process when done manually. If an account has been locked, that lockout is also cleared, and the user is free to log in once more with the new password. Benefits The immediate benefit of a self-service password reset is that users can resolve their problems themselves and get on with their tasks without having to wait for help desk service. It is quick, easy, and convenient to use, and can be employed at any time of the day or night, regardless whether IT support staff is present or not. User productivity is increased, for there is no down- time while waiting to re-gain systems access. And while an improved user experience and higher satisfaction certainly have value, even more advantages accrue to the organization from the IT management point of view. Help Desk Self-service password reset systems offer immediate payoff at the IT help desk. In some shops, the overall volume of calls may be reduced by 30%, freeing up expensive IT resources for more vital tasks. In other shops, where there are often wait queues on the phone or a high volume of call-backs needing service, the help desk is able to focus more exclusively on technically significant issues -i.e., matters that have a correspondingly greater impact on user productivity. While the latter is more difficult to quantify, the impact of the former can be tracked by simple ROI calculators that reckon the labor costs saved by reduced call volume alone. See References for an example. Compliance Another benefit to password reset automation comes in the improved ability to comply with HIPAA, Sarbanes-Oxley, and Gram-Leach-Bliley. The auditing requirements of these regulations demand that an organization be able to maintain secure access to data, and track who has what access when. Password management solutions are a simple way to facilitate this, since they can create extensive audit trails to track and analyze all password changes and usage in the system. Because these solutions manage password complexity rules, they also help enforce password policies established to meet compliance requirements. From the human management standpoint, once users can easily resolve access problems, it is easier to get them to comply with password practices and to maintain higher security standards throughout a system. In the end, the organization is in better compliance with legal requirements for access and security, and costs are reduced by the automated tracking and reporting of audit information. 5 White paper: Self-Service Password Management
Strategic Service and Best Practices Organizations that use best-practice frameworks such as COBIT or ITIL will also benefit from the use of a self-service password reset solution. Help desk or service desk management plans must take into consideration where and how resources are allocated to perform necessary tasks. A simple product that frees up 30% of the low-level activity of a help desk is a powerful solution for the strategic management of IT resources. When incorporated into a best practice service strategy, a solution of this sort may offer unexpectedly large benefits in the long term. Conclusion The self-service reset of forgotten passwords and account lockouts offers cost-effective management of the most common user problem in virtually every IT-using organization. Password Manager from NetWrix offers a self-service solution that incorporates the best of the reset solution design features. Easy to use and simple to deploy, Password Manager allows for database preloading of user validation information so users with problems can be self-assisted from Day 1. The product can be configured for enforced enrollment, guaranteeing that all users will go through the validation information process before logging on to the network. Password Manager partitions its data management cleanly, storing sensitive information in a local secure database and enabling resets without making alterations in Active Directory schema. NetWrix Password Manager uses a Windows Logon Extension to give users a self-help link to follow from a failed logon: users do not need to seek out a functioning browser, but can continue their problem-resolution at their desktop. In the occasional instance where a user may not be able to help themselves -when, for example, they have forgotten their verification answers -the NetWrix solution includes the help desk portal. This connection is part of a common framework for making password resets according to established password policies. This pre-qualifies the exact nature of a user's problem and improves help desk efficiency when assisting with the reset problem. For more information on NetWrix Password Manager product, visit this link where there is also a free downloadable ROI spreadsheet for calculating cost savings effected by utilizing this self- service password reset product. References NetWrix Corporation: ROI Calculator for self-service password reset. Downloadable at: http://www.netwrix.com/password_manager.html. Safenet, Inc. "2004 Password Survey." Safenet-inc.com. http://mktg.safenet-inc.com/mk/get/pwsurvey04 6 White paper: Self-Service Password Management
About NetWrix Corporation Established in 2006, NetWrix Corporation provides innovative and cost-effective solutions that simplify and automate the management of Windows networks. With in-depth knowledge and experience managing Windows environments of all sizes, the company delivers solutions to meet complicated business requirements while fulfilling the best expectations of IT professionals. Contacting NetWrix Toll-free Phone: 888.638.9749 Web site: www.netwrix.com Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 Contacting NetWrix Support Technical support is available to customers who have a trial version of a NetWrix product or who have purchased a commercial version and have a valid maintenance contract. Contact NetWrix Support at http://www.netwrix.com/support. 7 White paper: Self-Service Password Management

Recommandé

Test file
Test fileTest file
Test file
spamthejay
 
Victoria
VictoriaVictoria
Victoria
123Dayana
 
Single Use Bioreactors (2012)
Single Use Bioreactors (2012)Single Use Bioreactors (2012)
Single Use Bioreactors (2012)
shad121
 
Rocks...
Rocks...Rocks...
Rocks...
Jevish Sydamah
 
Re effect mo re welds-3
Re effect mo re welds-3Re effect mo re welds-3
Re effect mo re welds-3
moriotf
 
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
qu0cthangprovip95
 
V-INSTAL Góra Kalwaria
V-INSTAL Góra KalwariaV-INSTAL Góra Kalwaria
V-INSTAL Góra Kalwaria
salonyVi
 
Salon Firmowy Bydgoszcz
Salon Firmowy BydgoszczSalon Firmowy Bydgoszcz
Salon Firmowy Bydgoszcz
salonyVi
 

Recommandé

Test file
Test fileTest file
Test file
spamthejay
 
Victoria
VictoriaVictoria
Victoria
123Dayana
 
Single Use Bioreactors (2012)
Single Use Bioreactors (2012)Single Use Bioreactors (2012)
Single Use Bioreactors (2012)
shad121
 
Rocks...
Rocks...Rocks...
Rocks...
Jevish Sydamah
 
Re effect mo re welds-3
Re effect mo re welds-3Re effect mo re welds-3
Re effect mo re welds-3
moriotf
 
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
102 bi quyet_tm_dien_tu - www.beenvn.com - tu_sachonline
qu0cthangprovip95
 
V-INSTAL Góra Kalwaria
V-INSTAL Góra KalwariaV-INSTAL Góra Kalwaria
V-INSTAL Góra Kalwaria
salonyVi
 
Salon Firmowy Bydgoszcz
Salon Firmowy BydgoszczSalon Firmowy Bydgoszcz
Salon Firmowy Bydgoszcz
salonyVi
 
Nu sinh
Nu sinhNu sinh
Nu sinh
qu0cthangprovip95
 
Spirituality
SpiritualitySpirituality
Spirituality
Valeriu Cismas
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
Netwrix Corporation
 
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
Percy Lopez
 
TGL Lublin
TGL LublinTGL Lublin
TGL Lublin
salonyVi
 
SOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandSOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, Expand
DigitalByDesign
 
Short stories
Short storiesShort stories
Short stories
Hend Youssef
 
The inaugural Professional Diversity Network Diversity Jobs Index and Report
The inaugural Professional Diversity Network Diversity Jobs Index and ReportThe inaugural Professional Diversity Network Diversity Jobs Index and Report
The inaugural Professional Diversity Network Diversity Jobs Index and Report
Daniel Sullivan
 
Assessing assessment
Assessing assessmentAssessing assessment
Assessing assessment
slideshareknow
 
Moscow re
Moscow reMoscow re
Moscow re
moriotf
 
The top 10 cafe
The top 10 cafeThe top 10 cafe
The top 10 cafe
Kevin Ng
 
Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016
Ham Houn
 
Get Got 2012
Get Got 2012Get Got 2012
Get Got 2012
adam_mcmurtry
 
Market Update5 2012
Market Update5 2012Market Update5 2012
Market Update5 2012
Summitfunding
 
Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012
ryanvong
 
Kotly kondensacyjne, z jakiego materialu ?
Kotly kondensacyjne, z jakiego materialu ?Kotly kondensacyjne, z jakiego materialu ?
Kotly kondensacyjne, z jakiego materialu ?
salonyVi
 
File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
Netwrix Corporation
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
Netwrix Corporation
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
Netwrix Corporation
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
Netwrix Corporation
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
Netwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
Netwrix Corporation
 

Contenu connexe

En vedette

NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
Netwrix Corporation
 
Moscow re
Moscow reMoscow re
Moscow re
moriotf
 
The top 10 cafe
The top 10 cafeThe top 10 cafe
The top 10 cafe
Kevin Ng
 
Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016
Ham Houn
 
Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012
ryanvong
 

En vedette (16)

Nu sinh
Nu sinhNu sinh
Nu sinh
 
Spirituality
SpiritualitySpirituality
Spirituality
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
LEY FUNDAMENTAL DE LA EDUCACIÓN (Honduras 2012)
 
TGL Lublin
TGL LublinTGL Lublin
TGL Lublin
 
SOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, ExpandSOCIAL IMMEDIATELY Connect, Share, Expand
SOCIAL IMMEDIATELY Connect, Share, Expand
 
Short stories
Short storiesShort stories
Short stories
 
The inaugural Professional Diversity Network Diversity Jobs Index and Report
The inaugural Professional Diversity Network Diversity Jobs Index and ReportThe inaugural Professional Diversity Network Diversity Jobs Index and Report
The inaugural Professional Diversity Network Diversity Jobs Index and Report
 
Assessing assessment
Assessing assessmentAssessing assessment
Assessing assessment
 
Moscow re
Moscow reMoscow re
Moscow re
 
The top 10 cafe
The top 10 cafeThe top 10 cafe
The top 10 cafe
 
Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016Koonsoor Kampuchea 2016
Koonsoor Kampuchea 2016
 
Get Got 2012
Get Got 2012Get Got 2012
Get Got 2012
 
Market Update5 2012
Market Update5 2012Market Update5 2012
Market Update5 2012
 
Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012Silicon Valley Marketo User Group Meeting February 29, 2012
Silicon Valley Marketo User Group Meeting February 29, 2012
 
Kotly kondensacyjne, z jakiego materialu ?
Kotly kondensacyjne, z jakiego materialu ?Kotly kondensacyjne, z jakiego materialu ?
Kotly kondensacyjne, z jakiego materialu ?
 

Plus de Netwrix Corporation

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
Netwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
Netwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
Netwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
Netwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
Netwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Netwrix Corporation
 

Plus de Netwrix Corporation (19)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Active Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the EnterpriseActive Directory Change Auditing in the Enterprise
Active Directory Change Auditing in the Enterprise
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 

Dernier (20)

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Self-service Password Management

  • 1. White paper: Self-Service Password Management written by NetWrix Corporation
  • 2. © Copyright NetWrix Corporation 2008. All rights reserved. This guide contains proprietary information, which is protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's personal use without the written permission of NetWrix Corporation. WARRANTY The information contained in this document is subject to change without notice. NetWrix Corporation makes no warranty of any kind with respect to this information. NETWRIX SPECIFICALLY DISCLAIMS THE IMPLIED WARRANTY OF THE MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. NetWrix Corporation shall not be liable for any direct, indirect, incidental, consequential, or other damage alleged in connection with the furnishing or use of this information. TRADEMARKS All trademarks and registered trademarks used in this guide are property of their respective owners. Web: http://www.netwrix.com Phone: +1.888.NETWRIX (888.638.9749) Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 2 White paper: Self-Service Password Management
  • 3. SELF-SERVICE PASSWORD MANAGEMENT: The Cost-Effective Option So Many Passwords, So Little Time... In today's complex IT environments, users typically have multiple passwords to manage for a variety of applications or access levels. Eighty percent of all users have 3 or more passwords to manage, but many more are possible depending on their system access needs (Safenet 2004). Users end up jotting passwords on note paper, thus threatening the security of the system, or they simplifying life by reusing passwords or choosing weak ones where the system permits, even though these are unsafe security practices. Meanwhile, security-minded IT organizations often implement strong password measures which inadvertently add to the burden, requiring users to recall complex formulations and change them frequently. Compliance with auditing and regulatory requirements, such as Sarbanes-Oxley and HIPAA, further tighten the password security net and in turn, further confound the user. Quite simply, password practices that improve security are by their nature burdensome to the user, resulting in passwords difficult to remember which are often changed about the same time they have finally become memorized. Yet password security remains a cornerstone of system security: as much as 80% of security breaches take place not through arcane hacking and virus attacks, but through system infiltration facilitated by use of a password. It remains in the best interests of the organization to have strict password requirements that mitigate against system access by hostile parties. These are also the kinds of passwords best designed, it seems, to be forgotten by busy and distracted users. Given this environment, it is no surprise that industry analysts find that 30% of all help desk calls across the industry are about password issues, at a cost averaging $30 to $60 per call. This support cost when multiplied across an organization can be huge. While necessary to system security, troubleshooting passwords is a large time sink for system administrators or help desk staff. This low-level, repetitive activity siphons valuable support resources away from higher- priority or more productive tasks. Self-Service Reset Utilities The solution that has evolved for this problem is the self-service password reset utility. At their simplest, products of this sort enable the user to reset a password or clear an account lockout independently of the help desk, typically through a browser-based portal. Some versions of this product require that users first find a browser to use, which they are unable to do at their desktop, because they cannot log into their system and gain access to their own browser. A common solution to this problem is for the user to access a special kiosk system installed nearby in the workplace, or to interrupt a colleague for a few minutes to use his or her computer for a few minutes. The better designed reset utilities are activated by a link from the user's logon prompt, so the individual can proceed with their troubleshooting from their own desk. Self-service reset 3 White paper: Self-Service Password Management
  • 4. products rst validate the user as someone authorized for access to the system. Then the user is walked through a password change dialog that instantly resets their password and unlocks their account if needed without further intervention from the help desk. User Validation Most reset products validate the user via a data match from a prole previously set up by the user. Typically, the user will have answered multiple personal questions such as favorite pet's name or rst street lived on, and one or more of these questions are presented to the user by the reset utility. To guard against unauthorized access attempts, the more exible reset systems can be set to lock out someone repeatedly entering incorrect answers to these validation questions. The questions are generally pre-selected by the system administrator who set up the reset product, although some allow the user himself to choose what questions he prefers to answer. To load a prole database with user information, an IT department usually introduces the self- service solution to end users with an email and one-click links to the process. Yet no matter how many admin emails are sent out, some portion of users will fail to set up a password profile if it is a voluntary process. This issue can be avoided with profile preloading, in which an organization may load the profile database with HR data such as SSNs or mothers' maiden names. In this manner, users will have their profiles already established even if they have never used the system before. Another way around this user roadblock is to employ enforced enrollment: some reset products can be set up to require all users to establish their verification profiles during an initial logon. Less commonly, some systems require telephone voice verification, or offer biometric validation of the user's identity. Approaches such as biometrics offer an extraordinary degree of security in certain settings, such as, for example, where access to sensitive R&D work or business intelligence is guarded. The trade-off for that degree of security is the additional expense of the biometrics system, and the additional administrative burden of mapping biometrics for a changing user base. This may be worthwhile in some relatively static places of employment, but in settings such as educational institutions or the shifting population base of e-business, biometrics are as yet an impractical tool to use with a remote or changing user population. Validation data must be stored somewhere, and some solutions utilize Active Directory for this, either with or without schema extension. However, this is not a recommended practice for data integrity, since AD is not designed to be a catch-all space to load proprietary data from different vendors. Better-designed products store sensitive data in secure local storage and never touch Active Director or alter schema. The Reset Process Once the user is validated, a dialog prompts for the creation of a new password. This password is checked against password construction rules that have been established by IT management. Parameters such as necessary alphanumeric combinations, length, and whether or not the word 4 White paper: Self-Service Password Management
  • 5. has been used within a past timeframe are checked. When a valid password has been created that conforms to system requirements, the utility automates the reset process within the network operating system, eliminating the need for the hands-on administration that is a multi-step process when done manually. If an account has been locked, that lockout is also cleared, and the user is free to log in once more with the new password. Benefits The immediate benefit of a self-service password reset is that users can resolve their problems themselves and get on with their tasks without having to wait for help desk service. It is quick, easy, and convenient to use, and can be employed at any time of the day or night, regardless whether IT support staff is present or not. User productivity is increased, for there is no down- time while waiting to re-gain systems access. And while an improved user experience and higher satisfaction certainly have value, even more advantages accrue to the organization from the IT management point of view. Help Desk Self-service password reset systems offer immediate payoff at the IT help desk. In some shops, the overall volume of calls may be reduced by 30%, freeing up expensive IT resources for more vital tasks. In other shops, where there are often wait queues on the phone or a high volume of call-backs needing service, the help desk is able to focus more exclusively on technically significant issues -i.e., matters that have a correspondingly greater impact on user productivity. While the latter is more difficult to quantify, the impact of the former can be tracked by simple ROI calculators that reckon the labor costs saved by reduced call volume alone. See References for an example. Compliance Another benefit to password reset automation comes in the improved ability to comply with HIPAA, Sarbanes-Oxley, and Gram-Leach-Bliley. The auditing requirements of these regulations demand that an organization be able to maintain secure access to data, and track who has what access when. Password management solutions are a simple way to facilitate this, since they can create extensive audit trails to track and analyze all password changes and usage in the system. Because these solutions manage password complexity rules, they also help enforce password policies established to meet compliance requirements. From the human management standpoint, once users can easily resolve access problems, it is easier to get them to comply with password practices and to maintain higher security standards throughout a system. In the end, the organization is in better compliance with legal requirements for access and security, and costs are reduced by the automated tracking and reporting of audit information. 5 White paper: Self-Service Password Management
  • 6. Strategic Service and Best Practices Organizations that use best-practice frameworks such as COBIT or ITIL will also benefit from the use of a self-service password reset solution. Help desk or service desk management plans must take into consideration where and how resources are allocated to perform necessary tasks. A simple product that frees up 30% of the low-level activity of a help desk is a powerful solution for the strategic management of IT resources. When incorporated into a best practice service strategy, a solution of this sort may offer unexpectedly large benefits in the long term. Conclusion The self-service reset of forgotten passwords and account lockouts offers cost-effective management of the most common user problem in virtually every IT-using organization. Password Manager from NetWrix offers a self-service solution that incorporates the best of the reset solution design features. Easy to use and simple to deploy, Password Manager allows for database preloading of user validation information so users with problems can be self-assisted from Day 1. The product can be configured for enforced enrollment, guaranteeing that all users will go through the validation information process before logging on to the network. Password Manager partitions its data management cleanly, storing sensitive information in a local secure database and enabling resets without making alterations in Active Directory schema. NetWrix Password Manager uses a Windows Logon Extension to give users a self-help link to follow from a failed logon: users do not need to seek out a functioning browser, but can continue their problem-resolution at their desktop. In the occasional instance where a user may not be able to help themselves -when, for example, they have forgotten their verification answers -the NetWrix solution includes the help desk portal. This connection is part of a common framework for making password resets according to established password policies. This pre-qualifies the exact nature of a user's problem and improves help desk efficiency when assisting with the reset problem. For more information on NetWrix Password Manager product, visit this link where there is also a free downloadable ROI spreadsheet for calculating cost savings effected by utilizing this self- service password reset product. References NetWrix Corporation: ROI Calculator for self-service password reset. Downloadable at: http://www.netwrix.com/password_manager.html. Safenet, Inc. "2004 Password Survey." Safenet-inc.com. http://mktg.safenet-inc.com/mk/get/pwsurvey04 6 White paper: Self-Service Password Management
  • 7. About NetWrix Corporation Established in 2006, NetWrix Corporation provides innovative and cost-effective solutions that simplify and automate the management of Windows networks. With in-depth knowledge and experience managing Windows environments of all sizes, the company delivers solutions to meet complicated business requirements while fulfilling the best expectations of IT professionals. Contacting NetWrix Toll-free Phone: 888.638.9749 Web site: www.netwrix.com Address: 140 E. Ridgewood Ave Suite 415 South Tower Paramus, NJ 07652 Contacting NetWrix Support Technical support is available to customers who have a trial version of a NetWrix product or who have purchased a commercial version and have a valid maintenance contract. Contact NetWrix Support at http://www.netwrix.com/support. 7 White paper: Self-Service Password Management