Securing out-of-band management devices

Over the past decade, network security has become more important than ever before. Back in the early 2000s, threats only went as far as an occasional email virus that a common virus scanner could easily detect. This once basic threat has grown into several threats that we collectively refer to as malware. It is all around us, and it does not target just a few devices; it targets everything on our networks, even our most secure devices: firewalls, routers and out-of-band (OOB) management devices. Yes, that’s right, the devices we trust as a network failover to our most critical systems. It is hard to imagine that we must concern ourselves with securing a port that operates at a mere 9600 baud.

OOB devices play an important role in our networks today. We trust them to be secure and failsafe. Most often, these OOB devices sit in parallel with or in front of our outermost edge devices, such as firewalls, routers, phone systems, POS and much more. As network and security professionals, we must think outside the box and always stay one step ahead of potential threats. It might sound like a cliché, but it is a true statement nonetheless. Security must be a way of thinking and a way of life, not just an afterthought or a reaction. If we stay proactive, we can keep our most critical network infrastructure running to meet those important SLAs.

A recent Forbes.com article accentuated this point while highlighting a few vendors that lack this forward thinking. As a trusted provider of OOB management solutions, Opengear has taken an important stance on security. Opengear continues to innovate and reinvent the out-of-band management space with low-cost integrated cellular solutions. The range runs from 1-port remote units to the 48-port solution at the datacenter, with many popular models and configurations to choose from, from the ACM5000 to the most advanced console server on the market, the IM7200. The new IM7200 product line has all the features you could ever imagine in an OOB device. As previously mentioned, security is at the forefront of this new state-of-the-art device and all other Opengear products.

Unlike much of its competition, Opengear offers the following security features, which bring peace of mind and ensure those important SLAs are met. To prevent some of the most egregious threats, Opengear suggests implementing and configuring SSH key authentication, IPsec or OpenSSL VPN tunnels, a stateful firewall, centralized logging, alerting, remote AAA, etc. Network administrators and IT professionals implementing proper security protocols can refer to the Opengear hardening guide for additional insights, configuration examples and more.

Resources:

IPSEC VPN GUIDE –

https://opengear.zendesk.com/attachments/token/ja66adtfspt0q1o/?name=AppNote-+Opengear+IPsec+tunnel+VPN.pdf

https://opengear.zendesk.com/entries/22235582-Configuring-an-IPsec-VPN-connection

OpenVPN (OpenSSL) –

https://opengear.zendesk.com/entries/22245713-OpenVPN-connection-on-the-Opengear-gateway

SSH Key Authentication (Linux) –

https://opengear.zendesk.com/entries/23218901-Generating-and-uploading-SSH-keys-under-Linux

SSH Key Authentication (Windows) –

https://opengear.zendesk.com/entries/23216142-Generating-and-uploading-SSH-keys-under-Windows

SSH Connections –

https://opengear.zendesk.com/entries/21841092-SSH-connecting-using-an-SSH-client

https://opengear.zendesk.com/entries/23241968-Efficiently-logging-into-all-8-16-48-serial-ports-via-SSH

IPTABLES/Firewall –

https://opengear.zendesk.com/entries/22248227-Custom-firewall-rules-and-rule-ordering-

https://opengear.zendesk.com/entries/22230871-Setting-Firewall-Rules-a-k-a-Port-Rules-

https://opengear.zendesk.com/entries/22257848-Firewall-and-routing-features

Logging/Syslog –

https://opengear.zendesk.com/entries/22969121-Logging-and-audit