Securing Network Passwords

We have many passwords in our network.

I need some recommendations on how to manage them, so a developer who works for our company temporarily

1, doesnt have knowledge of the passwords,
2. doesnt have the ability to change the passwords without our knowledge

They are as follows:
Core network passwords:
1. Webserver (3 all together) HTTPS/SSH/MySql --(LAMP Environment)
2. Wordpress
3. Application servers (SSH, MYSQL)
4. Windows Servers (Application passwords--probably have to figure that one out by vendor)
5. Mikrotik Router--may have figured that one out
6. VMWare server


Edge
1. Mikrotik Routers
2. Linux server SSH and HTTPS for the application
KoolandrewAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KoolandrewAuthor Commented:
One other part of this question

3. Is there a way of giving him one password so he can access the requisite servers.

I understand that their are radius servers to manage this stuff, but it might be overkill, particularly when most of applications dont read from a radius server for http or https logins.
Mark PaceDIRECTORCommented:
Seriously we use LastPass. Damn brilliant.
For $2 per month you get mobile and enterprise edition where you can share passwords and logins and even stop the users from seeing the passwords
Encrypted at PC and is really reliable.
Love it

Take a look
https://lastpass.com/f?3249526
Kash2nd Line EngineerCommented:
can you not set up an access user with LEAST PRIVILEDGE rule. This would be the best way.
Once the freelancer is gone, you can disable the user.

I don't see any reason a developer would need superuser access rights to develop a wordpress website.
Unless they are doing much config changes, I don't see any reason for them to access the DB backend which is linked to WP website.
Hope this helps.
Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Mark PaceDIRECTORCommented:
Ps. LastPass works with two factor as well and can have it so it only has access from specified and allowed devices so even with A known password the person can't go home and login.
KoolandrewAuthor Commented:
Hi,

i am not sure if you saw that there were two parts to the question.

Regarding last pass, does it work with ssh/mysql (ie myphpadmin access) as well?
Also, what happens when the user goes to the website, and changes the password himself,,,,,,,i doubt that last pass can prevent that from occurring?

Wordpress is one small part of this question and i am not clear about your answer.
dinoosCommented:
KoolandrewAuthor Commented:
These are good solutions for passwords to websites. It is only a little bit better than what most browsers offer.

It doesnt help if the employee goes and changes the password to the vendor website.

And it doesnt help with the other types of log ins. such as ssh, as i have listed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mark PaceDIRECTORCommented:
If user has rights to change password LastPass will prompt to update the database. When shared with you for example, and you try login , it will have updated password.
Happy to give you a demo.
Works with all websites.
I using it for secure encrypted notes, auto form fill and credit card info too.
KoolandrewAuthor Commented:
There many issues here, two of which i would like to address.

I have many softwares that are hosted by the vendor in a "cloud" format, and they are not sophisticated to have several different user levels. If i provide access to that site, and they decide to change the password, they would be able to without me knowing. Please tell me how Last pass would know that on a web page...maybe they would, i am just surprised. Either way, unless i know they did it, i will not be able to prevent them from now logging in from their own computer of choice and screwing up the work, vs. them using a computer that has this software installed?

Secondly, how will this help with ssh etc.

I would imagine it is for web pages only?
madunix (Fadi SODAH)Chief Information Security Officer Commented:
Generally; make sure that you have a good policy. Information security policies provide basic guidelines for security admin to operate:
• Users assigned unique passwords
• Users required to change the passwords on a periodic basis
• Passwords should be encrypted and not displayed on the computer screen when entered
• If wrong password is entered a predefined number of times, typically three, the logon ID should be automatically locked out.
• Establishing a system that does not accept an old password as a new password
• Change the system configuration to enforce strong passwords
• An automated password management tool be used
KoolandrewAuthor Commented:
didnt answer the full question
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Architecture

From novice to tech pro — start learning today.