Beta Man
Round and Round the Passwords Go
Lieberman Software's Roulette is an elegant and effective password-management tool.
- By Peter Varhol
- 09/01/2007
Dealing with password administration is a pain in the neck. We all juggle a
dozen or more passwords, most of which we have to change on a regular basis.
Most of the time, we can choose a password that we can actually remember, as
long as it meets certain restrictions. Other times, we'll have a password assigned
to us that's often a random jumble of letters, numbers and special characters.
If it's hard on the users, imagine how hard it must be for help desk, application
and network administrators. The help desk ends up spending a good part of its
time diagnosing password issues and resetting forgotten or expired passwords.
Security is still compromised because users have so many passwords that they
must resort to writing them down on a piece of paper and sticking them in their
wallets. Or worse yet, they tape them to the desktop next to the computer keyboard,
accessible to anyone passing by.
How many systems do those accounts access, and for what purpose? On a large
network, it's easy to lose track of the privileges afforded any particular domain
or admin account. You change a password on an account, and all of a sudden an
obscure but important application doesn't work.
How about password length? We typically don't pay a lot of attention to how
long our passwords are, but there are now precomputed hash tables available that
can break shorter passwords in minutes. The lack of standards for password length and composition
is the world in which Lieberman Software Corp.'s Roulette plays.
Roulette randomizes passwords and updates an account's password everywhere
the account is used across an entire enterprise network. It makes those passwords
available through a Web portal so that users don't have to remember random password
combinations. It also logs password check-outs and check-ins so that auditing
is automatic.
Easy Setup
The software installs easily on a Windows 2003 Server. It requires a SQL Server
or MSDE database connection to complete the configuration. I configured a connection
to SQL Server, installed and started the accompanying Windows service, and launched
the software. The first step is to load all of the servers with accounts into
the software. You can add systems manually, from a domain list, from Active
Directory or from an IP range, or you can browse for systems.
Then you'll set up the Web site. The Web site gives you a simple and convenient
interface for checking out account passwords. Simply log in to the Web site
and check out a password for a specific account. You can also request an amount
of time required for the checkout. If you exceed that time limit, you either
ask for an extension or the password is changed and you're locked out.
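
The check-out behavior described above (a time-limited lease, an extension on request, and a password change once the limit passes, with each step logged) can be modeled in a few lines. This is an added example, not Lieberman's code: the class, method names, alphabet, password length and the rotation on check-in are all assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_=+"  # assumed character set

def random_password(length=20):  # length is an assumption; secrets uses the OS CSPRNG
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

class CheckoutVault:
    """Hypothetical model of a check-out/check-in password store with an audit trail."""
    def __init__(self, accounts):
        self.passwords = {a: random_password() for a in accounts}
        self.leases = {}   # account -> (user, expiry time in seconds)
        self.audit = []    # (time, actor, account, event)

    def _rotate(self, now, account, reason):
        # A real tool would also push the new password to every system using the account.
        self.passwords[account] = random_password()
        self.leases.pop(account, None)
        self.audit.append((now, "system", account, reason))

    def expire(self, now):
        # Any lease past its limit is ended by rotation, so the holder's copy stops working.
        for account, (user, expiry) in list(self.leases.items()):
            if now >= expiry:
                self._rotate(now, account, f"rotated-after-expiry:{user}")

    def check_out(self, now, user, account, seconds):
        self.expire(now)
        if account in self.leases:
            raise PermissionError(f"{account} is already checked out")
        self.leases[account] = (user, now + seconds)
        self.audit.append((now, user, account, "check-out"))
        return self.passwords[account]

    def extend(self, now, user, account, seconds):
        self.expire(now)
        holder, expiry = self.leases.get(account, (None, 0))
        if holder != user:
            raise PermissionError("no active lease to extend")
        self.leases[account] = (user, expiry + seconds)
        self.audit.append((now, user, account, "extended"))

    def check_in(self, now, user, account):
        self.expire(now)
        if self.leases.get(account, (None, 0))[0] != user:
            raise PermissionError("no active lease to check in")
        # Assumption: rotate on check-in so the returned password is no longer known to anyone.
        self._rotate(now, account, f"rotated-after-check-in:{user}")
```

Time is passed in explicitly as `now` so the lease logic can be exercised without waiting; the `audit` list is what a reviewer would read to see who held which account and when it was rotated.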
Roulette also propagates new passwords across the network. It searches out
each of the systems it knows about, finds the specified accounts and performs
tasks based on defined jobs. If you change a password once or have a regular
change routine, Roulette will generate a new set of passwords and update all
accounts. Lieberman Software told me they change their system passwords on a
daily basis.
Roulette also reports on where you stand with accounts and passwords across
the network. It lists all accounts and gives you a summary report. You can see
when system accounts were last accessed and by whom. If an account has never
been accessed, for example, you might want to check it out to see if it's even
needed.
This version of Roulette is combined with the Lieberman Random Password Manager,
which actually generates the passwords. Lieberman hasn't determined the version
number yet, though the release itself is scheduled for the fourth quarter of
2007.
It's not a sexy application, or even a sexy problem, but you can get excited
about how well Lieberman has thought through the problem and arrived at such
an elegant solution. For sheer utility, you couldn't do what Roulette does manually.
You could write scripts to accomplish some of these tasks, but they'd likely
be incomplete and difficult to maintain. If password management across many
servers is one of your management headaches, Roulette is the right aspirin.
About the Author
Peter Varhol is the executive editor,
reviews of Redmond magazine and has more than 20 years of experience as a software
developer, software product manager and technology writer. He has graduate degrees
in computer science and mathematics, and has taught both subjects at the university
level.