An IP Address Filter Provides an Additional Layer of Security for Console Server Applications

When deploying a console server ( as a part of an out of band management solution, it’s always best to take a multi-layered approach to system security. In addition to basic password protection, a console server should also support authentication protocols such as LDAP, Kerberos and TACACS+, as well as other secondary measures such as call-back security for modem based applications and alarm features to let administrators know when security might potentially be threatened. If the IP addresses of all potential console server users is known, then an IP Address Filter can also help to improve security and prevent unauthorized access.

An IP Address Filter prevents unauthorized access to console server command functions by either screening out most IP addresses, or allowing access by only specific, known IP addresses. In most console server products, the IP Address can be configured to reject or accept a user-defined range of IP addresses, or only allow access by the IP addresses that are defined by the network administrator. The ability to block or allow access by a range of IP addresses works particularly well in a corporate environment, where all legitimate user addresses will typically fall into a tight, easily specified range; the ability to allow only user-specified addresses is more suited to out of band management applications that require access by both users who are located at a main corporate facility and possibly at satellite facilities, located away from corporate headquarters.

IP Address Filtering also works well for applications that require automated access to the console server, but still require security measures to prevent unauthorized access to sensitive command functions. Since password based security protocol is often not well suited to automated console server access, the IP Address Filter eliminates the need for users to enter a password and user account name, and instead the user IP address essentially becomes the password; if the IP address is recognized by the console server, access is allowed, but if the IP address is not recognized, then access is denied.

Console server units are employed in a wide variety of different types of out of band management applications, with a wide variety of security requirements. Since a console server allows remote access to command functions on vital network elements, it’s absolutely imperative that user access is closely monitored and protected. A console server should provide multiple layers of security and authentication in order to prevent unauthorized access to command functions. An IP Address filter provides network administrators with the flexibility to adapt login procedures to automated console server applications, and also provides an additional layer of security for console server applications that depend on password protection and user authentication protocols.

Link to Original Content

Tags: , , , ,

Comments are closed.