Network Computing is part of the Informa Tech Division of Informa PLC


Rollout: Cyber-Ark's Enterprise Password Vault: Page 2 of 4

We installed the Vault Server on a Dual Xeon 3.0 machine with 3 GB of RAM running Windows 2003 SP1. An identical server running Ubuntu Linux and VMware Server was loaded with Windows Server 2003 SP1 along with the Web interface, client and CPM. Setup was quick and painless. The included documentation wasn't even necessary, as each step of the installation is straightforward.

The vault stores everything (even configuration files and settings) using AES 256-bit encryption and SHA-1 for hashing. Although SHA-1 has some cryptographic weaknesses, it's used here to verify data that is already inside the encryption, and is therefore not susceptible to some attacks. Still, Cyber-Ark says it's investigating a move to the more secure SHA-256 or other protocols. The vault is further protected by an automated hardening process that locks down default settings during the installation. EPV, like most of its competitors, includes a built-in firewall. However, instead of the hardware firewall offered in Symark's and e-DMZ's appliances, EPV's firewall is loaded as a network driver to provide additional protection against attacks on the vault.

[Figure: Where are your passwords?]

EPV's biggest strength is the CPMs' ability to change passwords on their own. Although competing products also provide this capability, EPV is especially flexible. The CPM is loaded with scripts that let it remotely change passwords on a variety of OSs and devices, and the samples can be used to create your own password-changing script. With these scripts and a configuration defining exactly how often to change the password, the EPV and CPM can continually rotate random passwords. Administrators can log in to the server through the Windows client or the Web interface to check the current password. That said, we found it easier to change passwords on our Windows server than on our Linux server.

Cyber-Ark has improved EPV's Web interface. Meant to provide access to the passwords without having to install a bulky GUI, the interface was designed with both Firefox and IE in mind. Despite a few minor presentation flaws, the Web interface is strong. It makes good use of Dynamic HTML to re-render portions of the page without reloading and keeps your most recent and most frequently accessed passwords quickly and easily available from anywhere. The Web interface would benefit from the high-level browsing that's possible with the Windows client. Although all Safes and passwords aren't visible from the Web interface, a search box provides quick access if you remember what to search for.