Lock the network's back door: secure remote-management appliances provide visibility and control, even during a network outage.

The security of enterprise IP networks has been enhanced in the last decade through the adoption of technologies such as directory systems, authentication/authorization/accounting, logging and encryption. More recently, enterprises have undertaken major projects to move access and tracking security to a more comprehensive model called identity and access management (IAM), which securely manages user identities and access rights across multiple business functions and applications.

As organizations embark on IAM projects to evolve access management for production networks, there is a method of access that, in many cases, lacks the existing protection measures. Should the network connection be lost, one of the most commonly used forms of access control is through out-of-band (OOB) connections, which have been largely unaddressed from a security standpoint. The OOB connection acts as the back door to provide a secondary means of accessing devices and systems when the primary connection has been lost.

OOB connectivity for remote console management, however, has not seen the same degree of security improvements that have been made to production networks.

For example, access to an OOB connection may require only a static user name and password, and the connection may not be encrypted.

Since remote administration requires access to the device console, if the unsecured OOB connection is hacked, then the hacker has console access to the network equipment and/or servers.

One of the country's largest savings and loan institutions was faced with the challenge of effectively managing and securing multiple branch offices. The workload was overwhelming the bank's small IT operations and support team, which had to maintain control of internal security threats and ensure that only the right users had the right access to devices and systems.

Installing a secure remote-management appliance gave the IT staff the visibility and control to guarantee security and bank management policies were always enforced, even during a network outage. Risks were reduced by minimizing the threat of insider abuse and unauthorized access to the bank's IT systems through multifactor authentication capabilities. This process satisfied the need to protect root passwords by providing command-level access control and simple role-based permissions, ensuring the right users were getting the right access to the right network devices.

Unauthorized access was further prevented by automatically logging out of console sessions that had been idling for a designated amount of time. Every keystroke and device response of every user session is now logged, enabling IT operations to track the impact of changes and to provide complete audit reports detailing who was responsible for the changes and when they occurred. The secure remote-management appliance also encrypts communications for all command line interaction with the device console, using the SSH-2 standard.

Secure remote-management appliances bring new functionality and intelligence to what has traditionally been a dumb console server. These appliances take an integrated approach to solving the OOB security predicament by locking the back door to ensure internal security and management policies are always enforced, even during a network outage.
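The controls listed in this case study (role-based command permissions, idle logout and a per-command audit trail) can be sketched as a small session gate. This is an added example, not code from the article or from any vendor product; the role names, command patterns and the `ConsoleSession` class are hypothetical.

```python
import fnmatch
import time

# Hypothetical policy: command patterns each role may send to a device console.
ROLE_POLICY = {
    "operator": ["show *", "ping *"],
    "engineer": ["show *", "ping *", "configure terminal", "interface *", "reload"],
}


class ConsoleSession:
    """Mediates one console session: per-command RBAC, idle logout, audit trail."""

    def __init__(self, user, role, idle_limit_s=300, clock=time.monotonic):
        self.user, self.role = user, role
        self.idle_limit_s = idle_limit_s
        self.clock = clock              # injectable so the timeout can be tested
        self.last_activity = clock()
        self.active = True
        self.audit = []                 # (timestamp, user, raw command, decision)

    def _record(self, command, decision):
        # Every submitted line is logged, including denied and post-logout ones.
        self.audit.append((self.clock(), self.user, command, decision))
        return decision

    def submit(self, command):
        """Return 'allow', 'deny' or 'logged_out' for one command line."""
        now = self.clock()
        if not self.active or now - self.last_activity > self.idle_limit_s:
            self.active = False         # idle sessions stay closed until re-login
            return self._record(command, "logged_out")
        self.last_activity = now
        # Refuse embedded control characters: a newline could carry a second
        # command past a pattern that only matched the first one.
        if any(ord(ch) < 32 for ch in command):
            return self._record(command, "deny")
        normalized = " ".join(command.split()).lower()
        patterns = ROLE_POLICY.get(self.role, [])   # unknown role: nothing allowed
        allowed = any(fnmatch.fnmatchcase(normalized, p) for p in patterns)
        return self._record(command, "allow" if allowed else "deny")
```
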

Secure remote management combines the localized control and connectivity of a console server with the intelligence of an enterprise software solution. This appliance "front-ends" a remote site's equipment by safeguarding against the vulnerability of the OOB dial connection, allowing only outbound dialing or answering calls if the primary connection has been lost.

Barry Cox is the chief technology officer at Uplogix, Austin, Texas.
COPYRIGHT 2008 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2008 Gale, Cengage Learning. All rights reserved.

Article Details
Title Annotation:Threat Stoppers
Author:Cox, Barry
Publication:Communications News
Geographic Code:1USA
Date:Jul 1, 2008