Managing Networking Equipment through Secure Management Sessions
Protecting enterprise infrastructure is a crucial and important part of every network design. Network Administrator and User access to equipment must be through proper authentication methods using encrypted sessions.
SSH/SSL/TLS Secure Management Sessions
Telnet access is common among vendors however, the information passed on the network from a telnet workstation and the target device is completely in the clear and available to anyone with simple tracing capabilities. SSH and SSL/TLS, offered on clients such as PUTTY, encrypt the information to and from the client and are recognized as the best way to perform in-band management.
Choosing equipment that supports SSL/TLS, SSH version 2, or SSH version 1 clients provides protection with powerful encryption algorithms such as AES with 256, 192 or 128 bit key lengths, 3DES, DES, Blowfish, CAST128, ARCFOUR (RC4), and ARCTWO (RC2).
SNMPv3 Secure Management Sessions
Large scale NMS systems, such as PerleVIEW, CiscoWorks, and HP OpenView, support a secure form of Simple Network Management Protocol (SNMPv3). Unlike Version 1 and 2, SNMPv3 provides capabilities such as user authentication, authorization and privacy (packet encryption). Authentication is checked through the SNMP User IDs and passwords. The user can be defined as having read only or full read/write capabilities. If “Privacy” is selected, a one-way MD5 or SHA hashing algorithm is used for the ID and password portion. And, a powerful AES/DES encryption algorithm is used for all the information packets.
HTTPS Secure Management Sessions
Web pages served from network gear can be in the form of a simple HTTP format, or secure pages can be offered using HTTPS. HTTPS is the same method used by online banking web sites. It is very secure and ensures optimal privacy on the network.