Why a Multi-Layered Approach to Security is Vital for Terminal Switch Applications

Given the powerful remote access capabilities that a terminal switch (http://www.wti.com/c-56-terminal-switch.aspx) provides in an out of band management application, it’s absolutely vital to ensure that a terminal switch includes adequate security features to protect critical console port command functions from unauthorized access. Almost all terminal switch units include basic security features such as password protection, but in many terminal switch applications, simple password security isn’t enough; that’s why it’s important to select a terminal server product that supports additional, advanced security functions functions such as authentication and encryption such as HTTPS and the ability to create SSL security certificates.

HTTPS provides improved security for users who typically contact their terminal server unit via web browser interface. In addition to providing a more secure connection than plain HTTP, HTTPS also provides the ability to create self signed certificates without the need to contact an outside service. HTTPS support also simplifies the process of installing a terminal switch in a remote network application, by eliminating the need to set up your DNS to recognize the terminal switch device.

HTTPS support also enables the terminal switch to issue SSL security certificates and private server keys; this allows encrypted data sent to and from the terminal switch unit to be decoded by authorized users, while effectively preventing transmitted data from being intercepted and read by those without a valid SSL certificate. The SSL security certificate also provides authentication by preventing users without a valid SSL certificate from being able to access command, configuration and status display functions on the terminal switch unit.

Ideally, a terminal switch product should support a variety of different authentication and security protocols in order to provide a multi-layered approach to security and authentication, which provides a much more effective solution than a single layer approach to terminal switch security. In addition to HTTPS, a terminal switch should also support authentication protocols such as LDAP, Kerberos, TACACS and Radius, as well as security features such as password security and IP filtering. If the terminal switch will also be accessible via modem, then security/authentication features such as callback security can also be helpful.

The remote console port access capabilities of a terminal switch unit provide network administrators with a valuable tool for diagnosing and troubleshooting problems with remote network devices, but in order for these remote access tools to be truly helpful, it’s absolutely imperative that the terminal switch includes adequate means to protect remote access capabilities from unauthorized users. In addition to commonly encountered security and authentication features such as password security and third party authentication protocols, a secure terminal switch unit should also support the encryption and authentication features provided by HTTPS support and SSH security certification.

Link to Original Content

Tags: , , , , , , ,

Comments are closed.