Customizing Roles For Your Company – Part One

10 05 2013

Secret Server uses Roles and Permissions to control access to various capabilities within the system.

In this two part blog post we will review how to set up customized roles and permissions to meet your company’s security policy.

Roles in Secret Server control what a user is allowed to do in the tool. Secret Server ships with three default Roles:
1. Administrator, which has the ability to perform any task.
2. User, which allows basic functions such as creating, editing and viewing Secrets.
3. Read Only User, which only allows a user to view Secrets and Audit Reports without edit capabilities.
Although Secret Server can be used right out of the box with these default Roles, each company should personalize the Roles to fit individual company needs.

The default Roles can be edited and new Roles can also be created. For example, administration tasks can be delegated to different Administrators without giving them full control of the system (for example: Backup Administrator, Secret Template Administrator, Role Administrator and so on). An Auditor Role can also be created to give a user limited access to the system – such as to view Reports and to check compliance settings without having access to sensitive information. For more information on Roles, see our Secret Server Best Practices Guide (requires valid support).

In the next part of this post we will go over how to set up permissions to control access to Secrets and Folders.





Restricting User Input for Launcher

3 05 2013

A new feature in Secret Server is the ability to control which servers users are able to connect to using a Launcher. This can be done by specifying a list of machines or servers on a Secret in a notes field. This list can either be a whitelist or a blacklist of servers the Launcher is able to connect to.

When configured as a whitelist, a list of possible servers will be presented for users to select to launch. This prevents users from logging in to places they should not be, and adds convenience by not having to remember the name of each server.

When configured as a blacklist, users enter the machine or server name as they normally would, but are prevented from connecting to machines that are blacklisted. This will prevent unauthorized use of credentials in your environment.

Enabling this feature is simple through Secret Server. Navigate to Administration, Secret Templates, then select any template with a Launcher attached such as the Active Directory Account or Windows Account Template and click Edit. There, you can select Configure Launcher, and Edit.

In the Advanced section, enable Restrict User Input by checking the checkbox, and configure accordingly. When mapping a field to Restrict By Secret Field, specify a field from the template. The values for the whitelist or blacklist will be based on that field for Secrets, and can be comma separated to specify multiple machines or servers.

Then it’s configured.
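The whitelist and blacklist behavior described above can be modeled in a few lines. This is an added example, not Secret Server's own code; the function names, the sample field value and the matching rules (case-insensitive, whitespace-trimmed, exact name match) are assumptions made for illustration.

```python
# Added illustration: models the whitelist/blacklist decision described above.
# The matching rules (case-insensitive, whitespace-trimmed, exact name match)
# are assumptions, not documented Secret Server behaviour.

def parse_machine_list(field_value):
    """Split a comma-separated Secret field into normalized machine names."""
    names = []
    for raw in field_value.split(","):
        name = raw.strip().lower()
        if name and name not in names:   # drop empty entries and duplicates
            names.append(name)
    return names


def launch_allowed(target, field_value, mode):
    """Return True if the Launcher may connect to `target`.

    mode is "whitelist" (only listed machines) or "blacklist"
    (any machine except the listed ones).
    """
    machines = parse_machine_list(field_value)
    target = target.strip().lower()
    if not target:
        return False
    if mode == "whitelist":
        return target in machines        # default deny
    if mode == "blacklist":
        return target not in machines    # default allow
    raise ValueError("mode must be 'whitelist' or 'blacklist'")


def review_attempts(attempts, field_value, mode):
    """Map each attempted target to 'allow' or 'deny' for a quick policy review."""
    return {t: ("allow" if launch_allowed(t, field_value, mode) else "deny")
            for t in attempts}


# Constructed sample data: a notes field on a Secret and three launch targets.
NOTES_FIELD = "DC01, FILESRV02 ,, dc01"
ATTEMPTS = ["dc01", "FileSrv02", "HR-DB01"]

if __name__ == "__main__":
    for mode in ("whitelist", "blacklist"):
        print(mode, review_attempts(ATTEMPTS, NOTES_FIELD, mode))
```

In this model an empty field denies every target in whitelist mode and allows every target in blacklist mode, so the mapped field should be checked for content on each Secret that uses the restricted Launcher.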





Taking Web Password Filler On The Road

23 04 2013

The same Web Password Filler that you use on your desktop browser is also available for your mobile devices.

For iPhones and iPads, first create the Web Filler in Safari on your Mac desktop; after iCloud Bookmark sync with your iPhone, the Web Password Filler will be ready for use.

After signing into Secret Server on your phone, browse to the site that you want to log in to. Once there, open your bookmarks and select the Web Password Filler. This will make it appear exactly as it appears in the desktop browser.

For Android devices, Secret Server’s Web Filler is available through Opera Mini and Opera Link. To begin, create a free Opera account and, on the desktop version of Opera, create the Web Filler bookmark. Next, in Opera Mobile, go into settings and enable Opera Link; this will sync your bookmarks to your Android phone. Once the account is synced, sign in to your Secret Server account. Then browse to the site that you wish to log in to and select the Web Filler from the bookmark menu.

This makes it more convenient than ever to log in to your favorite websites when on the go.





Integrated Windows Authentication and Two-Factor Authentication

11 04 2013

With Integrated Windows Authentication enabled in Google Chrome and Internet Explorer, users are automatically signed in to Secret Server using their Active Directory credentials when they visit the site. This feature reduces the number of passwords that a user has to type, and the possibility of a forgotten password. This also allows domain administrators to specify a password policy that Secret Server will adhere to, such as password strength and password history.

Two-Factor Authentication in Secret Server forces users to enter another form of authentication on login, such as a PIN or token. Secret Server comes with its own built-in email two-factor authentication, and also supports RADIUS two-factor systems so that existing infrastructure can be used. This adds another layer of security to user accounts; however, it increases the number of steps required to access Secret Server. Using two-factor authentication helps prevent a scenario where a user might walk away from a workstation while logged in and an attacker could walk up to it and log in to Secret Server.






Thycotic Software Releases Revolutionary Two-Factor Authentication System

1 04 2013

Being in enterprise password management, we understand the importance of user authentication in information security. The AssWord Pad 1.0 takes biometrics and multi-factor authentication to a brand new level. Utilizing the latest in gluteal heat mapping technology, we have designed a product that’s sure to keep you safe from cyber threats.

Watch the video below to learn more about this incredible new product from Thycotic Software.

Oh yeah, and Happy April Fools’ Day from the entire Thycotic Team.





Secret Server Copy-To-Clipboard for Google Chrome and Mozilla Firefox

26 03 2013

The Mozilla Firefox add-on and the Google Chrome extension allow values from Secret Server to be copied directly to the clipboard. This makes it easy to apply information from Secret Server in other locations; however, clipboards generally do not clear the data that was copied.

How do you protect your Secret data from being stolen from your clipboard? Secret Server’s Copy-To-Clipboard extensions add an extra layer of security to your clipboard by allowing the configuration of an automated schedule to clear the clipboard, so that the clipboard is cleared when exiting the browser. Each clipboard extension has a section that allows you to configure these options.

This makes it safe to use your clipboard and know that if you walk away from your computer for a few moments, someone won’t be able to take a password from your clipboard. It also helps prevent the accidental pasting of sensitive information into unsafe places, such as a chat client or email.

Currently, these security options are only available in the Firefox and Chrome extensions. Stay tuned for this functionality in Internet Explorer.





New Webinar – Easily Manage and Secure all your Windows local administrator passwords

13 03 2013

Use discovery to quickly find all your local Windows administrator accounts – import them into the Secret Server vault (even if you don’t know the current password). Then set a schedule (30, 90 days etc.) for regular password changing and never worry about those passwords again.  Whenever a sysadmin needs a password, they just come to Secret Server to find it.  Using Discovery Rules allows all of this to be automated.

Join us for this Webinar on Thursday, March 28th 2013 at 11:30am EST (requires active support). This will be the first of a new Webinar series that will happen on the 4th Thursday of each month.  Change your email preferences to receive updates about these upcoming webinars.

These webinars will also be recorded so you can view them after the event or share them with your team members.  Each Webinar will have two engineers speaking about best practices, features, security and general problems you can solve using Thycotic products.  If you have specific items you would like to see covered, please email your Account Manager.

Thanks, Kaitlin.
