Availability and security of networks for remote locations are tied directly together. Because the network must keep operating at a high level, there needs to be fast access to equipment in case of an outage or problem. People at the operations desk need to be able to connect remotely to telecom equipment such as routers, switches and firewalls, or to remote servers, if users are experiencing trouble. Traditionally, administrators have used Telnet to connect to remote devices to configure, troubleshoot or reboot them. In many cases Telnet has been replaced with SSH to take advantage of its encryption capabilities, the thought being that it enhances security. These services run on the devices at the remote site and allow "at the rack" connectivity in most cases. These are referred to as in-band solutions, as the traffic used to access the device shares the same path and bandwidth as the user application data traffic.
When you ask network operators how these services work, they typically tell you they work fine. They give excellent connectivity, and most operators are extremely familiar with the command line interface each device provides for configuration and troubleshooting. In addition, the cost of these access methods is zero, as the services are on almost every networking device and clients are on almost all workstations that are used for access. While these maintenance interfaces work fine for the network operators and system administrators who manage the network, they work just as well for those who would like to intrude into the network with malicious intent or just to see what is going on.
This paper discusses a layered approach to closing these interfaces to intruders, making it more difficult for them to find the maintenance interface, and keeping authorized management staff able to perform their jobs better.
Each year the reliance of companies on their networks increases. The network grows in both size and complexity. New applications are added that meet a specific objective oriented towards individual groups. Systems are pushed further and further out into the field, where the customer contact resides. Point of sale systems, inventory, receivables collection, human resources and other similar services are no longer restricted to the headquarters location. Pushing these critical applications out into the network means that the availability of the network is critical to smooth business continuation. Along with the applications being pushed further out, the data required to support those applications is pushed out as well.
Remote office networks continue to abound in today's business environment. Surveys show that by 2010 there will be upwards of 900,000,000 remote workers. Banks and retailers have placed systems that support customer touch services to speed up the processing of transactions. Inventory systems have been pushed out into the field, along with processing for synergistic offerings that increase the reliance on the network. Companies have strategic relationships with both customers and suppliers that place access to the network on their customers' or suppliers' premises. The complexity of the networks and the applications needed to support the business and maintain the competitive edge grows with every new service rollout.
Executives charged with the responsibility to operate corporate networks face an ever-increasing challenge. A survey conducted by the Business Performance Management Forum of 400+ senior executives, spread across a wide spectrum of businesses, shows the concerns this increased complexity is causing within their ranks. Fifty percent of the executives felt the risks they needed to manage were unauthorized access to corporate data networks and computing devices. Security and availability of remote locations seem to be on the mind of most IT executives today. They should be, given the new regulations around security and the penalties associated with not complying. If that weren't bad enough, the cost of data theft or poor network performance can impact not only the financial performance of the organization, but also the perception of the financial markets as reflected in market capitalization and corporate reputation. The maintenance interface is a big security hole in most remote office environments, one that needs to be closed before executives experience what TJX did, with exposure in every major publication for hackers stealing credit card information from their systems.