Out-of-Band Management Security

Out-of-band management is the ability to configure a piece of equipment by a means other than the transmission media used for transferring data. For example, if a remote site uses Frame Relay for connectivity, using an ISDN dial-up or modem connection for management purposes is considered out-of-band. Out-of-band access poses unique problems for the administrator because, by definition, it bypasses the security measures that are put into place throughout the network. The easiest way to avoid all out-of-band security issues is simply not to allow any out-of-band access. In most cases, however, there are legitimate reasons to allow such access; the primary one is to enable troubleshooting and repairs from a remote location when the primary link fails.

When using out-of-band connections, be especially aware that there is usually only a single line of defense between the outside world and the interior of your network. Because out-of-band management usually bypasses firewalls, perimeter routers, and other security measures, extra precautions must be employed to ensure that the out-of-band management connections do not present a new opportunity for security breaches.

If at all possible, combine all available methods of access limitation, logging, and authentication on out-of-band access points. Out-of-band telephone numbers should be guarded as closely as passwords. If the equipment can screen incoming calls against predefined calling numbers (caller ID) and can call back a predefined number rather than servicing the inbound call directly, enable both.

One possible way of remotely managing equipment combines out-of-band management with existing equipment. For instance, assume that administrators need to access equipment on the local network from their homes. In this case, using an existing access server to connect to the local network and then using Telnet to connect to the equipment in question combines both in-band and out-of-band management. The advantage of this method is that the entry points to the network are concentrated, presenting a smaller opportunity for security breaches, and that the strongest available security methods, including callback and AAA services, may be applied at this entry point. Keep in mind that Telnet carries credentials and session contents in cleartext, so the access server must be treated as the trust boundary and the Telnet hop kept on the internal network. When feasible, using a combination of services as described in this paragraph increases security and lessens the routine maintenance required.
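The following Cisco IOS configuration is an added example, not from the original text, that puts the two preceding paragraphs together: an AAA-protected, logged, caller-screened dial-in entry point (AUX modem and ISDN BRI) on an access server, and a managed device that accepts in-band Telnet only from that access server. Hostnames, addresses, the TACACS+ key, the local fallback account and the telephone number are assumptions; substitute your own, and verify each command against the IOS release you run.

```cisco
! Added example; not part of the original text. All addresses, names,
! keys and the telephone number below are assumed values.
!
! 1. Central AAA with a local fallback, so the device stays reachable
!    when the AAA server sits behind the failed primary link.
aaa new-model
aaa authentication login OOB-LOGIN group tacacs+ local
aaa authorization exec OOB-EXEC group tacacs+ local
aaa accounting exec OOB-ACCT start-stop group tacacs+
tacacs-server host 10.1.1.5
tacacs-server key ReplaceThisTacacsKey
username oob-admin privilege 15 secret ReplaceThisFallbackSecret
!
! 2. Send session start/stop records and login results to syslog so
!    out-of-band use leaves the same audit trail as in-band use.
logging host 10.1.1.6
logging trap informational
login on-failure log
login on-success log
!
! 3. Analog modem on the AUX port: dial-in only, authenticate through
!    the AAA list, drop idle sessions, and allow no other transport.
line aux 0
 login authentication OOB-LOGIN
 authorization exec OOB-EXEC
 accounting exec OOB-ACCT
 exec-timeout 5 0
 modem Dialin
 flowcontrol hardware
 speed 38400
 transport input none
 transport output none
!
! 4. ISDN dial-in: accept calls only from the predefined calling number
!    (caller-ID screening, which requires the telco to deliver caller ID),
!    hang up and call that number back, then authenticate the peer with CHAP.
interface BRI0
 description Out-of-band ISDN management path
 ip address 192.168.254.1 255.255.255.252
 encapsulation ppp
 ppp authentication chap callin
 dialer map ip 192.168.254.2 name oob-peer 5551234567
 dialer idle-timeout 300
 dialer-group 1
 isdn caller 5551234567 callback
!
dialer-list 1 protocol ip permit
!
! 5. On each managed device: in-band Telnet is accepted only from the
!    access server (10.1.1.20), so the concentrated entry point is enforced.
access-list 10 permit host 10.1.1.20
access-list 10 deny   any log
line vty 0 4
 access-class 10 in
 login authentication OOB-LOGIN
 exec-timeout 5 0
 transport input telnet
```

The local `username` is a fallback only; with `group tacacs+ local`, IOS consults it when the TACACS+ server is unreachable, which is exactly the situation out-of-band access exists for. The `access-list 10 deny any log` line records Telnet attempts from any other source, giving you a detection point for anyone who reaches a device without passing through the access server.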

See the section “Physical Security” earlier in this chapter for specifics on configuring access lists and other security methods so that interfaces can be set in the most secure manner.
