By Bert Wilhelm, Uplogix

The security of branch office networks has been enhanced in the last decade through the adoption of technologies such as directory systems, AAA security policies, logging and encryption. More recently, financial services organizations have undertaken major projects to move access and tracking security to a more comprehensive and powerful model called Identity and Access Management (IAM). IAM aims to securely manage user identities and access rights across multiple business functions and applications.

Even as organizations embark on IAM projects to evolve access management for production networks, one method of access frequently lacks these protection measures. Out-of-band (OOB) connections, one of the most common ways to reach equipment when the network connection is lost, have been largely unaddressed from a security standpoint. When a problem arises with an enterprise network connection to a branch office, the OOB connection acts as the “back door,” providing a secondary means of reaching devices and systems after the primary connection has failed.

Unfortunately, OOB connectivity for remote console management has not seen the same degree of security improvement as production networks. For example, access to an OOB connection may require only a static username and password, and the connection may not be encrypted. This is a risky practice because remote administration requires access to the device console. If an unsecured OOB connection is compromised, the intruder has console access to the network equipment and/or servers, and with it carte blanche to execute operations and changes on those devices and a potential path into other parts of the network. Logging matters here too: if configuration changes or updates don’t work, it’s critical to be able to retrace the steps that were taken, and if contractors or other third parties do work, a log provides a record of their activities.

Entering the picture is a new technology called secure remote management (SRM), which brings new functionality and intelligence to an integrated approach to the OOB security predicament. SRM does this by locking the back door, ensuring that internal security and management policies are always enforced, even during a network outage.

Compared with traditional network and systems management tools, which depend on the network being up and remain labor-intensive, secure remote management combines the localized control and connectivity of a console server with the intelligence of an enterprise software solution. The platform front-ends a branch office’s equipment and closes off the OOB dial connection as an attack path by allowing only outbound dialing, or answering inbound calls only when the primary connection has been lost. SRM controls access to routers, switches and servers by enforcing AAA policies and integrating with IAM systems.

One of the country’s largest savings and loan institutions was faced with the challenge of effectively managing and securing multiple existing branch offices, along with new ones opening up. The rapid expansion was overwhelming the bank’s small IT operations and support team in maintaining control of internal security threats and ensuring only the right users had the right access to devices and systems. Implementing secure remote management gave IT staff the visibility and control to guarantee security and bank management policies were always enforced, even during a network outage.

Risk was reduced by minimizing the threat of insider abuse and unauthorized access to the bank’s IT systems through multifactor authentication. Command-level access control and simple role-based permissions satisfied the need to protect root passwords, ensuring the right users were getting the right access to the right network devices.
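As an added illustration (not code from this column or from Uplogix), the following Python model shows the three controls described above working together: inbound OOB calls are answered only while the primary link is down, a static password alone does not authenticate, each console command is checked against a role’s allow-list, and every decision is recorded. The role table, command names and the `OOBGateway` class are assumptions made for the example.

```python
# Added example: a minimal model of the "locked back door" policy.
# Everything here (roles, commands, class) is hypothetical.
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Hypothetical role table: the command verbs each role may run on a console.
ROLE_COMMANDS: Dict[str, Set[str]] = {
    "operator": {"show", "ping", "traceroute"},
    "netadmin": {"show", "ping", "traceroute", "configure", "reload"},
}


@dataclass
class OOBGateway:
    primary_link_up: bool = True
    audit_log: List[str] = field(default_factory=list)

    def _log(self, entry: str) -> None:
        # Every accept/reject decision is kept so activity can be retraced.
        self.audit_log.append(entry)

    def accept_inbound_call(self, caller: str) -> bool:
        """Answer a dial-in only when the primary network path is lost."""
        if self.primary_link_up:
            self._log(f"REJECT call from {caller}: primary link up")
            return False
        self._log(f"ACCEPT call from {caller}: primary link down")
        return True

    def authenticate(self, user: str, password_ok: bool, otp_ok: bool) -> bool:
        """Multifactor: both the password and the one-time code must pass."""
        ok = password_ok and otp_ok
        self._log(f"AUTH {user}: {'ok' if ok else 'failed'}")
        return ok

    def authorize_command(self, user: str, role: str, command: str) -> bool:
        """Command-level check: the first token must be in the role's allow-list."""
        verb = command.split()[0] if command.strip() else ""
        allowed = verb in ROLE_COMMANDS.get(role, set())
        state = "allowed" if allowed else "denied"
        self._log(f"CMD {user}/{role} '{command}': {state}")
        return allowed
```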

The risk of losing access to a distributed network, or of being blindsided by internal security threats, has been greatly overlooked. By locking the back door with secure remote management practices, financial services organizations retain access and control whether the network is up or down, and IT staff can rest easier knowing they aren’t the easiest target on the block.

Bert Wilhelm is the director of product and technical marketing at Austin, Texas-based Uplogix. Uplogix provides an integrated remote management solution that automates routine administration, maintenance and recovery tasks.



Topics: Guest Column