Searching around, I've seen some of these items have been requested for quite some time. One of these capabilities has actually been removed. I thought I would bring them back up again.
Things that my organization needs:
1 - Implement password policies. Being military, we have some pretty strict password policies. Many are required for any DoD system. SolarWinds does not allow for implementation of any of them. A good example of a policy is requiring users with any elevated rights on any DoD system to change their password every 90 days. Another good one is not allowing previous passwords being used. On top of that, enforcing strong passwords.
2 - Users able to change their own password at any time WITHOUT any type of elevated rights.
3 - Password reset/recovery system of some sorts. Upon first login, require the user type a challenge question and answer along with changing their givien default password.
4 - Account lockout after multiple incorrect password attempts.
There has been a big push for Active Directory integration. The problem with this is AD control is no longer in the hands of the base. The same thing with CAC-logins. We can't integrate in AD or make our system CAC-enabled because of certain circumstances. Not to mention, the AFNOC has already crashed the server once by pushing mandated patches.
I have to say that SolarWinds does what it is intended to do very well for us. However, the more I dig into tweaking our setup, the more I realize that SolarWinds is severely lacking in basic security features for an IT system. What makes that so alarming is what can be done to a network if NCM is installed. Unfortunately, I'm having to brief leadership on these issues and they are not happy.
Top Comments