Callback Security – Effective Authentication for Dial-up Out of Band Communication

An out of band management solution can provide network administrators with a convenient, reliable means to communicate with remote network devices when communication via the network is not available. Although out of band communication is a vital element in many remote network equipment management applications, most out of band management solutions rely on a dial-up modem connection between the administrator and the out of band management unit.

With this in mind, it’s helpful to remember that dial-up communication generally does not support the popular authentication protocols that would normally be available when communicating over a network. This means that in order to provide authentication capabilities (or “authentication-like” capabilities) for dial-up communication, one has to be a little more creative than one would with network communication.

One popular solution to this dilemma is a feature called “callback security” or “dial-back security.” Essentially, the callback security feature relies on a predefined phone number for each registered user in order to verify the user’s identity during the logon procedure. When callback security is deployed and a caller attempts to establish a dial-up connection with the out of band management unit, the unit will first prompt the caller to enter a username and password. If a valid username and password are entered, the callback security function will verify that the correct logon information was entered, but will not provide immediate access to command functions on the out of band management unit. Instead, the callback security feature will disconnect, pause for a moment, and then call the user back at the phone number that has been predefined for the user account, effectively verifying that the caller is who they claim to be. In addition, some callback security features include an option that allows the out of band management unit to prompt the user to re-enter the username and password upon callback, in order to make doubly sure that the user is indeed authorized to access the unit and that there has been no error in defining the phone number for the account.
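The logon sequence described above, sketched as an added Python example (not code from any out of band management product). The `FakeModem` class, the account table, the status strings and the phone number are constructed for illustration, and the pause before the callback is omitted.

```python
import hashlib
import hmac
import os

def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_account(password, callback_number):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _digest(password, salt), "callback": callback_number}

# Constructed sample account; the callback number is set by the administrator.
ACCOUNTS = {"alice": make_account("correct horse", "555-0100")}

def check_login(accounts, username, password):
    """Return the account record on a valid login, otherwise None."""
    account = accounts.get(username)
    if account is None:
        return None
    ok = hmac.compare_digest(account["hash"], _digest(password, account["salt"]))
    return account if ok else None

class FakeModem:
    """Hypothetical modem stand-in: records actions and replays what the
    person answering each number types at the callback logon prompt."""
    def __init__(self, answers):
        self.answers, self.log = answers, []
    def hang_up(self):
        self.log.append("hangup")
    def dial(self, number):
        self.log.append("dial " + number)
        return self.answers.get(number)  # None means nobody answered

def handle_inbound_call(accounts, modem, username, password, reauth=True):
    account = check_login(accounts, username, password)
    modem.hang_up()  # the inbound call never reaches command functions
    if account is None:
        return "denied"
    # Dial only the number stored with the account, never one the caller supplies.
    reply = modem.dial(account["callback"])
    if reply is None:
        return "no-answer"
    # Optional second logon: must authenticate as the same account.
    if reauth and check_login(accounts, *reply) is not account:
        modem.hang_up()
        return "denied"
    return "granted"
```

The modem log makes the key property visible: a failed first logon never triggers an outbound call, and a successful one only ever dials the number stored with the account.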

An out of band management unit can provide a valuable tool for any network administrator who is responsible for network devices installed in off-site data centers or remote network equipment racks. It allows administrators to check the status of devices at remote sites, change configuration parameters and run troubleshooting routines even when normal network communication is not available. In cases where a malfunctioning device at a remote equipment rack is the cause of a network outage, an intelligently deployed, full-featured out of band management unit often provides the only way to restore network communication without the cost and delays associated with service calls and truck rolls to the remote equipment site. But as important as out of band communication capabilities are, it’s equally important to remember the old saying that “with great power comes great responsibility,” and to choose an out of band management solution that includes additional security and authentication features for modem communication, such as callback security or dial-back security, in order to ensure that access to console port command functions is adequately protected from unauthorized users.

