Effective Security for Remote Power Control Applications

A remote power control solution is a critical element in any network application that involves communication with network elements located at remote equipment sites. The reason for this is fairly simple; without some sort of remote power control solution, the only way to reboot or power On/Off devices at the remote site is an expensive, time consuming trip to the remote site merely to flip a power switch Off and On. But in spite of the obvious value of a remote power control solution, the capabilities provided by a switched PDU can actually do more harm than good if the remote power control solution does not include adequate security and authentication measures.

The ability to remotely reboot or power On/Off network devices at an off-site data center or distant equipment rack can indeed be a lifesaver. When a critical network element in an equipment rack located miles away from the central office freezes or crashes, a power reboot can often solve the problem almost immediately. But in order to reboot a device at the remote equipment site, network administrators either have to send a service team to the remote site to perform the simple reboot, or install a remote power control solution such as a switched PDU in order to provide remote power control and reboot capabilities.

Although the capabilities provided by a remote power control solution can save both time and money for busy network administrators, without adequate security and authentication features, the remote power control solution can also serve as an incredible temptation for hackers and other unauthorized users who might access the switched PDU and start randomly turning devices On or Off. Of course, we’d all prefer a world where hackers would just mind their own business, that’s just not the way that things work out these days, and that’s also why an effective remote power control solution must include adequate protection against invalid access.

While most switched PDUs and remote power control solutions include username/password prompts to discourage unauthorized access to power control functions, in most cases, a mere password prompt isn’t enough to discourage a determined hacker. In order to provide an effective deterrent to unauthorized access, a well-designed remote power solution must also include support for remote authentication protocols such as TACACS+, Kerberos, RADIUS and LDAP. Support for these authentication protocols adds an additional layer of security by providing assurance that each potential user is indeed who they claim to be.

In addition to passwords and authentication protocols, there are other features that can also help to increase the security of your remote power control solution. For example, if the switched PDU supports SSHv2 Encryption, this prevents hackers from intercepting commands and status messages sent to and from the remote power control solution that could potentially provide hints to ways around password security. Support for communication protocols such as HTTPS and SSL also make it easier to keep unauthorized users out. Generally speaking, the more layers of security and authentication that are provided by a remote power control solution, the better.

Although the measures discussed above can prove to be very effective in deterring unauthorized access via network, it’s also important to make certain that dial-up, out-of-band communication is equally secure. Since popular authentication protocols are generally not applicable to dial-up communication, secure communication via modem often requires a little bit more of a creative approach. Some switched PDU products have solved this problem by implementing a feature that’s often referred to as “callback security” or “dial-back security.” When properly set up, callback security essentially provides a sort of low-tech authentication for modem communication. Rather than allowing immediate command mode access to dial-in users, the callback security feature will automatically disconnect after a valid password/username is entered, and then dial the user back at a phone number that has been predefined for the user account. If further security is required, the callback security feature can also be configured to prompt users to re-enter their passwords when the callback is received.

A secure, reliable remote power control solution enables network administrators to perform routine reboots and power switching without the expense and delays associated with service calls or field trips to distant network equipment sites. But in order to be truly secure, a remote power solution must provide adequate security measures in order to prevent hackers and other unauthorized personnel from accessing the same power control functions that are so helpful for dealing with problems at the remote site.

Link to Original Content

Tags: , , , , , ,

Comments are closed.