Security and Authentication Considerations for Network Power Switch Products

A network power switch gives network administrators and tech support personnel a convenient tool for controlling power and reboot functions at off-site data centers and remote network equipment cabinets. In many cases, its remote reboot and power control functions let you deal with power-related problems on remote network elements without the expense and lost time of traveling to the equipment site in person.

The ability to reboot remote network devices is such a valuable asset that it is now rare to find a remote network equipment application that doesn't include some sort of network power switch or switched PDU. The benefits of a network power switch are obvious, but with them comes a measure of vulnerability. That is why it's important to make certain that your network power switch solution also includes adequate security and authentication measures to protect vital remote power switching and reboot capabilities from unauthorized access.

As with all network devices, a good network power switch must support a robust assortment of security and authentication measures to ensure that reboot and power switching functions remain protected. A user directory with password protection is a good first step towards network power switch security. To provide a truly effective deterrent to hackers and other potential menaces, though, a network power switch must also support authentication protocols such as TACACS+, LDAP, Kerberos and RADIUS, which help ensure that each potential user is indeed who they claim to be.

In addition to supporting popular authentication protocols, a truly secure network power switch should also support secure communication protocols such as SSH and HTTPS and encryption standards such as FIPS and SSHv2. Together these provide a layered approach to system security and put additional obstacles in the way of unauthorized access. If the network power switch will be accessed via a dial-up connection, then features such as callback security should be present in order to discourage unauthorized out-of-band access.

Callback security provides a simple yet effective solution for secure out-of-band communication with a network power switch. When callback security is properly configured and enabled, callers who attempt to access the network power switch command mode via dial-up are presented with username/password prompts. A caller who enters a valid username/password is not immediately allowed to access command functions. Instead, the network power switch first hangs up the phone line, then dials the user back at a phone number that has been previously defined for the individual user account. When the user answers the callback from the network power switch, the username/password prompt is displayed again. Since each user is only allowed to access command functions via a predefined phone number, this essentially provides a sort of low-tech authentication for dial-up users.
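The callback sequence described above can be modeled as a small state check. This is an added example, not code from any vendor's firmware; the `dial` and `reauth` hooks, the sample account and the requirement that the same username log in on both legs are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Account:
    password: str         # constructed sample; a real device would store a salted hash
    callback_number: str  # number predefined by the administrator for this user

# Constructed sample user directory.
USERS = {"alice": Account("correct-horse", "+1-555-0100")}

def check_credentials(username, password):
    """Return the Account on a valid login, otherwise None."""
    acct = USERS.get(username)
    if acct and hmac.compare_digest(acct.password.encode(), password.encode()):
        return acct
    return None

class CallbackSession:
    def __init__(self, dial):
        self.dial = dial  # hypothetical modem hook: dial(number) -> True if answered
        self.log = []     # audit trail of each decision

    def handle_inbound(self, username, password, reauth):
        """Run one inbound call; reauth() returns the (username, password)
        typed at the second prompt, on the callback leg."""
        acct = check_credentials(username, password)
        if acct is None:
            self.log.append("inbound: login rejected")
            return False
        self.log.append("inbound: login ok, hanging up")
        # The number dialed comes only from the account record, never from the caller.
        if not self.dial(acct.callback_number):
            self.log.append("callback: no answer")
            return False
        user2, pass2 = reauth()
        # Assumption: the callback leg must authenticate as the same user.
        if user2 != username or check_credentials(user2, pass2) is None:
            self.log.append("callback: login rejected")
            return False
        self.log.append("callback: command mode granted")
        return True
```

Command mode is reached only when both logins succeed and the predefined number answers, so valid credentials used from any other phone line end at the hang-up.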

When used correctly, a network power switch enables administrators to reboot remote devices, schedule power On/Off switching functions for nonessential devices and monitor power consumption and other criteria at remote network equipment sites. Sadly, there is always a flip side to any powerful network tool: administrators have to make doubly certain that the capabilities provided by tools such as network power switches are kept safely away from unauthorized access. Although that may be a somewhat troubling thought, administrators can reduce or eliminate most of the worries associated with remote power management by choosing a network power switch that includes adequate security, authentication and cryptography features to discourage unwanted access and protect vital power control functions from hackers and other unauthorized users.
