Streamline Compliance with your Internal Security Policy by using Secret Server

4 03 2014

Incorporating a new tool into your company’s overall security architecture can be a tricky and time-consuming process. Fortunately, Thycotic Secret Server has a several features that streamline the process of complying with your existing corporate requirements. In this post, we will take a look at a few ways Secret Server can work in conjunction with your existing security policy to improve policy compliance and your user experience.

Enforce Password Compliance with Group Policies

Secret Server’s group policy feature allows you to set polices for local and domain account passwords, such as minimum password age, password length and password complexity. Secret Server adheres to the group policy when changing local Windows or Active Directory passwords. For example, if a password change is attempted with a weak password, Secret Server will return an error message to explain the password complexity requirements. Or, if a password change fails because it was too weak, Secret Server can send an email alert to administrators.

To eliminate the possibility that users will set weak passwords or use prohibited characters, Secret Server can automatically generate passwords using the preset password requirements. The result: secure, randomly generated passwords that are guaranteed to meet your group policy requirements each time they’re changed, whether automatically by using Auto Change or manually by a Secret Server user.

Restrict Access with Restricted Launcher Inputs

Group policy can also be used to restrict remote access to servers, which is a great way to decrease the area of attack for an account. However, with a large number of accounts this can be difficult to keep track of. Secret Server provides the ability to restrict launcher inputs to allow users to only see and connect to machines that have been whitelisted for each account. This simplifies the process for end users, who no longer need to keep track of details of their privileged account access, and allows administers to configure more granular access control in a way that is clear and fully audited.

Simplified Web Password Management

Finally, a policy that we have talked about before is allowing a user’s browser to store credentials. Auto fill for browser credentials is certainly convenient, but it does not provide an audit of usage, making it a bit of a problem for the security department. Instead, organizations can disable the browser’s password auto fill option and add those credentials to Secret Server. Users can then use the Secret Server Web Filler to directly log in to websites. This makes your environment more secure by tracking who accessed each web credential and it ensures passwords are stored securely within Secret Server instead of a user’s individual browser.

Check back next week to hear our team’s recap of RSA 2014 San Francisco.






Taking Web Password Filler On The Road

23 04 2013

The same Web Password Filler that you use on your desktop browser is also available for your mobile devices.

For iPhones and iPads, first you will want to create the Web Filler on Safari on your Mac desktop, then after using iCloud Bookmark sync with your iPhone the Web Password Filler will be ready for use.

After signing into Secret Server on your phone, browse to the site that you want to log in to. Once there, open your bookmarks and select the Web Password Filler. This will make the it appear exactly how it appears in the desktop browser.

IphoneWF

For Android devices, using Opera Mini and Opera Link Secret Server’s Web Filler is available for your Android device. To begin, set up create a free Opera account and on the desktop version of Opera create the Web Filler Bookmark. Next in Opera Mobile on going into settings and enable Opera Link, this will sync your bookmarks to your Android phone. Once the account is synced, sign in to your Secret Server account. Then browse to site that you wish to log into and select the Web Filler
from the bookmark menu.

AndroidWF

This makes it more convenient than ever to log in to your favorite websites when on the go.








Follow

Get every new post delivered to your Inbox.

Join 30 other followers