Professional Documents
Culture Documents
Cyber-Ark Password Vault
Cyber-Ark Password Vault
• Common practices:
– Storage: Excel spreadsheets, physical safes, sticky notes,
locked drawers, memorizing, hard coded in applications and
services
– Resets: Handled by a designated IT members, call centers,
mostly manual
– Known to: IT staff, network operations, help desk, desktop
support, developers
• Common problems:
– Widely known, no accountability
– Unchanged passwords
– Lost passwords
– Same password across multiple systems
– Simplistic passwords – easy to remember
– Passwords not available when needed
Key Business Drivers
Vault Safes
(Local Drive or SAN)
Cyber-Ark
Vault Server
LAN, WAN,
INTERNET
Password Vault
Architecture
2
Central Password Manager is periodically
regenerating new passwords for all
managed accounts on all relevant systems
Password
and/or Directory Servers and then stores a
Windows
Vault copy of the new passwords within the Vault
Servers
Desktops
Disaster
Recovery Site
Main Frame
Application Passwords
• Scripts
– Shell, Perl, Bat, Sqlplus…
• Applications
– Custom developed C/C++, COM, Java, .NET code
– Application Servers (WebSphere, WebLogic…)
• Products
– IT Management
– ETL tools (Informatica, etc…)
Hard-Coded Password
Embedded in Code
.
.
UserName = “app”
Password = “asdf”
Host = “10.10.3.56”
ConnectDatabase(Host, UserName, Password)
.
Work with database
.
source1.vbs
.
.
UserName = “app”
Password = PVToolKit(“Vault.ini”,“User.ini”,“Safe”,“Root\Password”)
Host = “10.10.3.56”
ConnectDatabase(Host, UserName, Password)
.
Work with database
.
source1-new.vbs
Requirements for
Privileged Accounts
Management Solution
Exceptionally secure solution for the keys of the
kingdom
David Adamczyk
Channel Sales Manager
Cyber-Ark Software
david.adamczyk@cyber-ark.com