Lock the network's back door: secure remote-management appliances provide visibility and control, even during a network outage.
As organizations embark on IAM projects to evolve access management for production networks, there is a method of access that, in many cases, lacks the existing protection measures. Should the network connection be lost, one of the most commonly used forms of access control is through out-of-band (OOB) connections, which have been largely unaddressed from a security standpoint. The OOB connection acts as the back door to provide a secondary means of accessing devices and systems when the primary connection has been lost.
OOB connectivity for remote console management, however, has not seen the same degree of security improvements that have been made to production networks.
For example, access to an OOB connection may require only a static user name and password, and the connection may not be encrypted.
Since remote administration requires access to the device console, if the unsecured OOB connection is hacked, then the hacker has console access to the network equipment and/or servers.
One of the country's largest savings and loan institutions was faced with the challenge of effectively managing and securing multiple branch offices. The workload was overwhelming the bank's small IT operations and support team, which struggled to maintain control of internal security threats and to ensure that only the right users had the right access to devices and systems.
Installing a secure remote-management appliance gave the IT staff the visibility and control to guarantee security and bank management policies were always enforced, even during a network outage. Risks were reduced by minimizing the threat of insider abuse and unauthorized access to the bank's IT systems through multifactor authentication capabilities. This process satisfied the need to protect root passwords by providing command-level access control and simple role-based permissions, ensuring the right users were getting the right access to the right network devices.
Unauthorized access was further prevented by automatically logging out of console sessions that had been idling for a designated amount of time. Every keystroke and device response of every user session is now logged, enabling IT operations to track the impact of changes and to provide complete audit reports detailing who was responsible for the changes and when they occurred. The secure remote-management appliance also encrypts communications for all command line interaction with the device console, using the SSH-2 standard. Secure remote-management appliances bring new functionality and intelligence to what has traditionally been a dumb console server. These appliances take an integrated approach to solving the OOB security predicament by locking the back door to ensure internal security and management policies are always enforced, even during a network outage.
Secure remote management combines the localized control and connectivity of a console server with the intelligence of an enterprise software solution. This appliance "front-ends" a remote site's equipment by safeguarding against the vulnerability of the OOB dial connection, allowing only outbound dialing or answering calls if the primary connection has been lost.
Barry Cox is the chief technology officer at Uplogix, Austin, Texas.
|Title Annotation:||Threat Stoppers|
|Date:||Jul 1, 2008|