Thycotic’s Cyber Security Publication

Find out what’s new in Thycotic Secret Server 8.8! (Hint, it’s got some pretty cool new security features)

Written by Thycotic Team

January 20th, 2015

Thycotic Secret Server 8.8 is coming out later this month. Check out some of its new features.

HSM INTEGRATION FOR ADDED SECURITY

Are you a user of a hardware security module (HSM) who wishes you could integrate it with Secret Server to protect your encryption.config file? It’s your lucky day, because Secret Server 8.8 supports integration with Thales and Safenet Network HSMs in “Silent” mode to protect your Secret Server encryption key. “Silent” mode is a way to communicate with an HSM while preventing it from interacting with users on the server (such as requiring a keycard be scanned by the HSM itself).
HSMs are physically hardened against tampering and can (if operated as independent hardware) be placed in secure locations away from the server, making them a valuable extra layer of security for the encryption.config file that is used to encrypt/decrypt your protected database values, such as passwords. HSMs vary based on model and provider, so integrating them with Secret Server may require reconfiguring the HSM. Check out the HSM KB here: HSM Integration

SSH AUTHENTICATION SUPPORT

Version 8.8 also brings SSH public key authentication support. Now, a private key and its passphrase can be added to a Secret and used to authenticate a user for launchers, Discovery, and remote password changing. SSH public key authentication is a feature found within SSH that adds a good extra layer of security for accounts on UNIX-based machines. If it is enabled, only clients in possession of the private key are allowed to connect to servers that have the corresponding public key. It is a good idea to encrypt the private key with a passphrase; this will require any remote connections to A) have the public key on the client machine and B) type in the passphrase to connect.

DEPENDENCY IMPROVEMENTS FOR SERVICE ACCOUNTS

Dependencies are now displayed in a searchable, filterable grid that scales better as you add more of them. During a Service Account password change, Secret Server will now attempt to unlock the service account by using a privileged account that you can assign to the service account Secret. This ensures service accounts will not be locked out during a password change.
As another addition, SSH and SQL scripts are now dependency options, and SSH dependencies also support public key authentication as mentioned above.

REMOTE PASSWORD CHANGING: OFFICE 365, POWERSHELL, SAP

Secret Server comes with a new password changer: Office365. Check out the KB article on how to set this up: http://goo.gl/s7YTys. Support for PowerShell password changers has been added, and the SAP password changer has been updated to run on 64-bit application pools and support the new SAP .dlls (which you’ll need to install on your Secret Server instance).

PHASING OUT WINDOWS SERVER 2008 (NOT 2008 R2)

One final major note about this release – after 8.8, Windows Server 2008 will no longer be a supported operating system. Server 2008 R2 will continue to be supported, however.
