Perle Systems Technical Notes
Managing Networking Equipment through Secure Management Sessions
Protecting enterprise infrastructure has become a crucial part of every network design. Network administrator access to networking gear must be through proper authentication methods using encrypted sessions. User access to Ethernet switch access ports must be restricted to authenticated users as well.
SSH Secure Management Sessions
Offering Telnet access is common among Media Converter and Ethernet Extender vendors. However, the information passed over the network between a Telnet workstation and the target network gear is completely in the clear, so it is available to anyone with simple tracing capabilities. The Secure Shell (SSH) protocol, offered by clients such as PuTTY, encrypts the information to and from the client. SSH is recognized as the best way to perform in-band management.
Perle managed Industrial Switches with the PRO software feature set, Media Converters and Ethernet Extenders support SSH version 2 and version 1 clients. This provides protection with powerful encryption algorithms such as AES with 256-, 192- or 128-bit key lengths, 3DES, DES, Blowfish, CAST128, ARCFOUR (RC4) and ARCTWO (RC2).
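As an added example (not Perle code), this Python sketch audits what an SSH server advertises during connection setup: it reads the identification banner for SSH version 1 support and parses the SSH_MSG_KEXINIT cipher lists for the older algorithms named above. The legacy-prefix policy, the banner string and the KEXINIT payload are assumptions constructed for the example.

```python
import struct

# Assumed audit policy (this example's, not the page's): prefixes of RFC 4253 /
# RFC 4345 cipher names for the older algorithms in the list above.
LEGACY_PREFIXES = ("3des", "des", "arcfour", "blowfish", "cast128")
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def speaks_ssh1(banner):
    """'SSH-1.99' means v2 with v1 compatibility (RFC 4253, 5.1); 'SSH-1.5' is v1 only."""
    return banner.startswith("SSH-1.")

def parse_kexinit(payload):
    """Decode the ten name-lists of an SSH_MSG_KEXINIT payload (RFC 4253, 7.1)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, out = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        out[name] = raw.split(",") if raw else []
        pos += n
    return out

def audit(banner, payload):
    """Return findings for SSH-1 support and legacy ciphers in either direction."""
    findings = ["SSH protocol version 1 accepted"] if speaks_ssh1(banner) else []
    lists = parse_kexinit(payload)
    offered = dict.fromkeys(lists["enc_c2s"] + lists["enc_s2c"])  # de-duplicate, keep order
    return findings + [f"legacy cipher offered: {c}" for c in offered
                       if c.startswith(LEGACY_PREFIXES)]

def build_kexinit(ciphers):
    """Build a constructed sample payload; only the cipher lists vary."""
    lists = [["diffie-hellman-group14-sha256"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(l).encode("ascii") for l in lists))
    return bytes([20]) + bytes(16) + body + bytes(5)  # + first_kex_follows, reserved

if __name__ == "__main__":
    sample = build_kexinit(["aes256-ctr", "aes128-cbc", "3des-cbc", "arcfour"])
    for finding in audit("SSH-1.99-ExampleSwitch", sample):  # constructed banner
        print(finding)
```

A device that reports no findings here offers only SSH version 2 with ciphers outside the assumed legacy list; where the device allows it, the findings point at the settings to disable.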
SNMPv3 Secure Management Sessions
Large-scale NMS systems, such as PerleVIEW, CiscoWorks and HP OpenView, support a secure form of the Simple Network Management Protocol (SNMPv3). Unlike versions 1 and 2, SNMPv3 provides capabilities such as user authentication, authorization and privacy (packet encryption). Authentication is checked through the SNMP user IDs and passwords. The user can be defined as having read-only or full read/write capabilities. If “Privacy” is selected, a one-way MD5 or SHA hashing algorithm is used for the ID and password portion, and a powerful AES/DES encryption algorithm is used for all the information packets.
HTTPS Secure Management Sessions
Web pages served from network gear can be delivered over plain HTTP, or secure pages can be offered using HTTPS. HTTPS is the same method used by online banking web sites. It is very secure and ensures optimal privacy on the network.