"Obviously changing those passwords on a scheduled basis took a lot of time and energy," he said. Now it's automated, he said, something that saves a lot of time and energy when it comes to working with about 600 licenses and 75 servers at a 170,000-member credit union with 15 branches in 10 counties.

"We wrote up an explanation on what it would mean if all our systems had the same password and somebody was to find what it was. They could get into any of our systems and do whatever they want, if they knew what they were doing," he said. Now, a Web-based interface with an easy-to-learn menu system provides regular password changes, "It's raised the bar for anyone who tries to gain that type of access."

Rather than just log-in and password, the system also integrates log-ins with Active Directory functionality, allowing log-ins with regular network credentials and then controlling access to the new network passwords in the appliance. "We can tell the system who can get in and what passwords they can get access for. It also keeps an audit trail of all that," Allington said.

The e-DMZ solution protects UNIX and Windows systems at EECU right now and could be expanded to SQL-driven servers, Allington said. He said the credit union also is considering adding another e-DMZ module, a session-management tool.

The company's chief salesman endorses that idea. "We've had customers tell us that by using this, they have saved thousands of man hours in a forensic analysis that they spent digging through systems logs trying to rebuild what happened after someone just loaded a patch," said Marty Ryan, vice president of sales and marketing at e-DMZ Security in Wilmington, Del. He said the password- and session-management solutions address a problem that can exist at a lot of credit unions and many other organizations.

–[email protected]