The Invalid Access Alarm – An Additional Layer of Console Server Security

Given the important role that a console server (http://www.wti.com/c-4-console-server.aspx) plays in out of band management, and the powerful command functions that can be accessed using a console server, it’s fairly obvious that security is an extremely important consideration for any console server application. Since a console server provides remote access to console port command functions on important network elements, it’s absolutely vital that the console server includes adequate security and authentication measures to protect sensitive command functions from unauthorized access.

A console server that includes security features such as password protection and IP address filtering as well as support for popular authentication protocols provides a formidable defense for denying access to unauthorized users, but in some cases it can also be useful if the console server can notify administrators when a possible hack attack might be in progress. If the console server includes an Invalid Access Alarm function, this allows the console server to promptly notify administrators and support personnel when unusual password activity is detected, and in some cases, can also temporarily shut down network ports in order to discourage more ambitious hackers.

In most cases, an invalid access alarm function allows administrators to set threshold values for invalid password attempts. For example, high quality console server units, often allow users to specify the number of invalid access attempts that will generate an alarm. Once an invalid access alarm is generated, the console server should also provide several different alternatives as to how to proceed. If alarm notification will be sent to administrators and support personnel, then the console server should provide the option to notify multiple personnel in the event that the primary responder is not available. In order to fit the communication needs of a wide variety of different support personnel, it is also useful if the console server invalid access alarm can provide notification using several different popular communication protocols, such as email, text message, SNMP trap and SYSLOG message. As mentioned previously in this article, it can also be helpful if the console server invalid access alarm includes the ability to temporarily shut down network access to the console server. In this case, the invalid access alarm should provide administrators with the ability to define the duration of the duration of the network port lockout period.

In addition to notifying administrators and locking network ports when suspicious password attempt activity is detected, some full featured console server products also include the ability to log each invalid password attempt and record any alarms that may have been generated by invalid password attempts. Logged invalid access data is often useful for administrators who are trying to see trends in invalid access attempts, and can also be helpful in providing a history of invalid access attempts in order to help discern the difference between normal levels of invalid password attempts and elevated numbers of invalid access attempts that could possibly indicate a hack attack.

The powerful out of band access capabilities provided by a console server can often be a lifesaver when fast, reliable access is needed in order to deal with problems at remote network equipment racks. But in addition to providing out of band access to console port command functions on remote network elements, it’s also extremely important that console server access is adequately protected in order to ensure that unauthorized users are denied access to these powerful out of band management functions. In any network application, a multi-layered approach to security always provides the best solution. An invalid access alarm is an important console server feature that essentially provides an additional layer of security, but also helps administrators to be kept better informed when excessive failed password attempts might indicate a coordinated attack by a determined hacker.

Link to Original Content

Tags: , , , , ,

Comments are closed.