Secure Console Port Access via Out of Band AND Dial-Up

Sometimes, it’s nice to have as many alternatives as possible, especially when you’re talking about a console server. When your network is down, a console server with an out of band management solution often provides the only way to access command functions on remote network devices without a long, expensive trip to a remote network facility. With that in mind, it’s good to know that WTI console server products provide two different means for accessing command functions on remote network devices: via out of band network, or via dial-up modem.

Although it’s great to have several options for communication with remote network devices, it’s also important that those communication options are as secure as possible. That’s why WTI console servers include multiple levels of security for both out of band network communication and dial-up communication.

When communicating via out of band network, access to console server functions is protected by a user password directory, and user authentication is supported through LDAP, TACACS+, Kerberos and RADIUS. And if that isn’t good enough, you can also protect command access by filtering IP addresses using our IP Security feature. The IP Security feature can be configured to either block a range of IP addresses or allow only specific, user-defined IP addresses to log in to command mode, regardless of whether a valid user password is entered. This means that even if an unauthorized user manages to get his hands on a valid user password, you can still block access based on the user’s IP address.

The user password directory also applies to dial-up communication, and a dial-back security feature is added to ensure that dial-up users are authenticated as well. When dial-back security is enabled, users who attempt to connect to the console server via dial-up are first prompted to enter a username and password. If a valid username and password are entered, the console server will then disconnect and call the user back at a phone number that has been predefined for the username that was entered. This ensures that if unauthorized users manage to obtain a valid username and password, they still won’t be allowed to access the console server unless they’re able to answer the dial-back call at the predefined number. To add one more level of security for dial-up communication, the dial-back security feature can also be configured to prompt again for a username and password when the party answers a dial-back call.
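The two access paths described above (IP filtering ahead of the password check, and dial-back to a predefined number) can be modeled as follows. This is an added example, not WTI code or configuration syntax; the user directory, networks, phone number and function names are constructed for illustration, and the IP filter is shown in its allow-only mode.

```python
import hmac
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    password: str          # constructed sample; a real device would store a hash
    dialback_number: str   # number predefined for this username

# Constructed sample directory and policy (assumptions, not device settings).
USERS = {"netops": User("s3cret-sample", "555-0100")}
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/28")]

def valid_login(username, password):
    user = USERS.get(username)
    # Compare even for unknown users so timing does not reveal valid names.
    expected = user.password if user else ""
    ok = hmac.compare_digest(password.encode(), expected.encode())
    return user is not None and ok

def network_login(src_ip, username, password):
    """Out of band path: the IP filter decides before the password is checked."""
    addr = ipaddress.ip_address(src_ip)
    if not any(addr in net for net in ALLOWED_NETS):
        return "deny: source address"
    return "allow" if valid_login(username, password) else "deny: credentials"

def dialup_login(username, password, answer_callback, reprompt=False):
    """Dial-up path: authenticate, disconnect, call the predefined number back.

    answer_callback(number) models the outgoing call. It returns None when
    nobody answers, or the (username, password) typed by whoever picked up.
    """
    if not valid_login(username, password):
        return "deny: credentials"
    # The number comes from the directory, never from the caller.
    answered = answer_callback(USERS[username].dialback_number)
    if answered is None:
        return "deny: dial-back not answered"
    if reprompt and not (answered[0] == username and valid_login(*answered)):
        return "deny: credentials after dial-back"
    return "allow"
```

In both functions a stolen but valid password alone yields a deny: the network path rejects on source address first, and the dial-up path only completes if the call to the stored number is answered.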

Obviously, not everyone will need to use both dial-up and out of band communication, but the availability of secure communication via both methods adds flexibility to WTI console servers by allowing them to operate in both out of band network applications and dial-up applications where an out of band network is not available. For mission critical applications, you can also configure the console server for both out of band and dial-up communication. This means that even if both your primary network and out of band maintenance network are down, you can still dial into the console server in order to access diagnostic and configuration functions on remote network devices.

Western Telematic, Inc. (WTI) designs and manufactures remote device management products for IT applications. WTI’s Serial Console Server products, Remote Reboot products, Switched PDU products and A/B Fallback products are engineered to allow you to securely manage and troubleshoot rack equipment in remote locations.
