RADIUS is down and now you can’t log into the core routers. That’s a shame because you’re pretty sure that you know what the problem is, and if you could log in, you could fix it. Thankfully, your devices are configured to fail back to local authentication when RADIUS is unavailable, but what’s the local admin password?
12 MONTHS EARLIER...
“It’s a security risk to have the same local admin password on every device, especially since you haven’t changed that password in three years,” said the handsome flaxen-haired security consultant. “So what we’re doing to do,” he mused, pausing to slide on his sunglasses, “is to change them all. Every device gets it own unique password.”
After much searching of your hard drive, you have finally found your copy of the encrypted file where the consultant stored all the new local admin passwords.
You’ve tried all the passwords you can think of but none of them are unlocking the file. You’re now searching through your email archives from last year in the hopes that maybe somebody sent it out to the team.
An Unrealistic Scenario?
That would never happen to you, right? Managing passwords is one of the dirty little tasks that server and network administrators have to do, and I’ve seen it handled in a few ways over the years including:
- A passworded Excel file;
- A shared PasswordSafe file;
- A plain text file;
- A wiki page with all the passwords;
- An email sent out to the team with the latest password last time it was changed;
- An extremely secure commercial “password vault” system requiring two user passwords to be entered in order to obtain access to the root passwords;
- Written on the whiteboard which is on the wall by the engineering team, up in the top right hand corner, right above the team’s tally for “ID10T” and “PEBCAK” errors;
- Nobody knows what the passwords actually are any more.
So what’s the right solution? Is a commercial product the best idea, or is that overkill? Some of the methods I listed above are perhaps obviously inappropriate or insecure. For those with good encryption capabilities, a password will be needed to access the data, but how do you remember that password? Having a single shared file can also be a problem in terms of updates because users inevitably take a copy of the file and keep it on their local system, and won’t know when the main copy of the file has been changed.
Maybe putting the file in a secured file share is an answer, or using a commercial tool that can use Active Directory to authenticate. That way, the emergency credential store can be accessed using the password you’re likely using every day, plus you gain the option to create an audit trail of access to the data. Assuming, of course, you can still authenticate against AD?
What Do You Do?
Right now I’m leaning towards a secured file share, as I see these advantages:
- the file storage can be encrypted;
- access can be audited;
- access can be easily restricted by AD group;
- it’s one central copy of the data;
- it’s (virtually) free.
But maybe that’s the wrong decision. What do you do in your company, and do you think it’s the right way to store the passwords? I’d appreciate your input and suggestions.