- Servers, network devices, databases
and applications:
- Numerous.
- High value.
- Heterogeneous.
- Workstations:
- Mobile -- dynamic IPs.
- Powered on or off.
- Direct-attached or firewalled.
|
- Every IT asset has sensitive passwords:
- Administrator passwords:
Used to manage each system.
- Service passwords:
Provide security context to service programs.
- Application:
Allows one application to connect to another.
- Do these passwords ever change?
- Plaintext in configuration files?
- Who knows these passwords? (ex-staff?)
- Audit: who did what?
|
