Lieberman Software’s Integration of nCipher’s Hardware Security Module Revolutionizes Password Security
Los Angeles — April 7
Lieberman Software has integrated nCipher’s nShield dedicated hardware security module (HSM) with its Random Password Manager and Roulette service account password management solutions. This integration allows local passwords randomized by these products to be secured in a tamper-resistant hardware environment, enabling them to be more effectively managed and safely stored. Lieberman Software is the first commercial ISV to utilize HSM technology as a method for securing sensitive password data in a commercial off-the-shelf application.
“This partnership with nCipher demonstrates that we believe that our customers should have the option of using the most secure method possible for storing local passwords utilized by every system throughout the enterprise,” said Philip Lieberman, president of Lieberman Software. “Given that the security of sensitive passwords is integral to the continued operation of an organization, the inclusion of an HSM option in these products was obvious. We’re pleased to be the first ISV to integrate HSM technology and FIPS 140-2 levels 2 and 3 certification options into our password management products.”
Hardware-Based Encryption of Privileged Passwords
Hardware-based encryption key management is an accepted industry best practice because it overcomes the inherent security weakness of using and managing keys in software. nCipher’s nShield HSM provides Lieberman Software’s Random Password Manager and Roulette with a secure key management and encryption subsystem that is independently validated to FIPS 140-2 levels 2 and 3. This is a de-facto security benchmark for cryptographic processing and a mandatory requirement for many organizations.
“Encryption is rapidly becoming a mainstream security tool, and the use of it in the context of password management is a perfect example of how it can protect critical assets. Privileged passwords and other high value account credentials are increasingly identified as a point of risk that requires management attention,” said Richard Moulds, executive vice president of product strategy for nCipher. “The integration of our nShield HSM with Random Password Manager and Roulette provides a tangible security benefit, and we are pleased to work with Lieberman Software in this important area.”
HSM technology has been utilized for years in the government, military and intelligence industries to protect against the security flaws of conventional encryption software. Even when keys are encrypted, software debuggers can locate and access the decryption key, allowing critical data to be compromised. With an HSM, there is no record of keys stored in memory. Instead the keys are stored in a secure device, physically inside of a computer. For Lieberman Software customers, this means that the local administrator and root passwords generated by Random Password Manager and Roulette can be securely stored and protected against unauthorized access.
The newest versions of Random Password Manager and Roulette can interface with any HSM developed by commercial third parties or the intelligence community when a PKCS#11 interface library is provided. Lieberman Software plans to incorporate the optional use of hardware encryption devices into the rest of its product line.
Lieberman Software’s Password Management Solutions
Random Password Manager and Roulette mitigate the security threat created by using common account passwords across all systems in the network. Organizations that deploy their servers and workstations with identical account credentials risk having one compromised password affect the security of the entire network. The Lieberman Software products ensure every system in the network maintains unique account credentials, preventing an unauthorized user from decrypting a local password and gaining peer-level access throughout the enterprise.
Random Password Manager automatically randomizes local administrator and root account passwords on every system in the enterprise and enables temporary recovery of current passwords via a secure and audited Web interface. Roulette is built on the foundation of Random Password Manager, but it also identifies and enumerates every location in the enterprise where every account is used and then automatically propagates password changes to all of these locations. These products support Windows NT/2000/XP/Server 2003/Vista/Server 2008, Linux and UNIX servers and workstations; SQL Server, MySQL and Oracle databases; AS400 and OS/390 mainframes; and Cisco and Juniper hardware devices.
A free 30-day evaluation copy of Random Password Manager is available for download at www.liebsoft.com/index.cfm/products?id=276. Roulette is also available for free evaluation, with configuration and support assistance provided.