Callback Security – An Important Feature for Modem-Based Console Server Applications

When managing network devices at extremely remote installation sites, it’s not always possible to establish a connection with a console server unit via network cable. In cases like this, network administrators often rely on an old-fashioned dial-up modem connection to communicate with the console server and other devices at the remote site. Although dial-up is obviously slower than a network connection, it serves well for administrators who need to check status or perform troubleshooting functions at these remote sites.

Aside from speed, the main drawback to a dial-up connection is the lack of support for advanced security and authentication features, such as LDAP, TACACS+, RADIUS and Kerberos. Without the benefit of these authentication protocols, dial-up access security for the console server is often limited to basic username/password protection. For this reason, it’s important to choose a console server that includes security features that are specifically tailored for dial-up communication.

One of the simplest and most effective means of securing dial-up communication is a dialback security or callback security feature. When the console server unit supports callback security, callers are not immediately granted access to command mode. Instead, when an incoming call is received, the console server first prompts the caller to enter a username/password and then disconnects and calls the user back at a callback number that has been predefined for each user account. When the user answers the callback, the console server can prompt the user to re-enter the username/password and will only then allow access to console server command functions.

Callback security basically serves as a kind of low-tech user authentication feature. In order to gain access to command functions, each user must be able to answer a callback to the number that is predefined for their specific user account. This ensures that each user will only be able to gain access from the phone number defined for their account, and effectively authenticates that the user is indeed who they claim to be, rather than an unauthorized user who has somehow managed to get their hands on a valid password and username.
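The callback sequence described above can be modeled as a small state machine. This is an added example, not code from any console server product; the account table, the `dialer` hook, the state names and the sample number are assumptions, and it assumes the optional re-prompt after the callback is enabled.

```python
import hashlib, hmac, os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def make_account(password: str, callback_number: str) -> dict:
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "callback": callback_number}

# Constructed sample account; the name, password and number are placeholders.
ACCOUNTS = {"alice": make_account("correct horse", "555-0100")}

class CallbackSession:
    """One inbound call: login -> hang up -> dial stored number -> login again."""

    def __init__(self, accounts, dialer):
        self.accounts, self.dialer = accounts, dialer  # dialer: hypothetical modem hook
        self.state, self.user = "AWAIT_FIRST_LOGIN", None

    def _check(self, user, password):
        acct = self.accounts.get(user)
        # Hash even for unknown users so timing does not reveal valid names.
        salt = acct["salt"] if acct else b"\0" * 16
        expected = acct["hash"] if acct else b"\0" * 32
        return hmac.compare_digest(_hash(password, salt), expected) and acct is not None

    def first_login(self, user, password):
        if self.state != "AWAIT_FIRST_LOGIN" or not self._check(user, password):
            self.state = "CLOSED"          # bad credentials: no callback is placed
            return False
        self.user = user
        # The number comes only from the account record, never from the caller.
        self.dialer(self.accounts[user]["callback"])
        self.state = "AWAIT_SECOND_LOGIN"  # inbound call is dropped at this point
        return True

    def second_login(self, user, password):
        # Command mode requires the same user to authenticate again on the callback.
        ok = (self.state == "AWAIT_SECOND_LOGIN" and user == self.user
              and self._check(user, password))
        self.state = "COMMAND_MODE" if ok else "CLOSED"
        return ok

def run_demo():
    dialed = []
    session = CallbackSession(ACCOUNTS, dialed.append)
    session.first_login("alice", "correct horse")
    session.second_login("alice", "correct horse")
    return session.state, dialed
```

The property to check in any implementation is that no caller-supplied input can influence the number dialed, and that command mode is unreachable without passing through the callback state.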

There are many different types of out-of-band management applications that rely on modem communication with a console server at a remote network equipment site. In some cases, modem communication is used when the main network is down; in other cases, modem communication provides the only means of connecting to remote devices in order to collect data, check status and perform troubleshooting functions. If your remote network management application requires modem communication with remote devices, make certain to choose a console server unit that provides multiple layers of security for modem communication. Username/password features provide a basic start to console server security, but to provide a multi-layered approach to security for remote network equipment sites, your remote console server should support modem-based security features such as callback or dialback security that can help to verify the identity of each potential user and screen out unauthorized outsiders who have managed to stumble across a valid password.
