UniGuard-V34 & Port Authority 44
July 27, 2005
Communication Devices (CDI)Product:
- Ease of Use:
- Value for Money:
- Overall Rating:
Excellent protection for remote systems management with strong authentication. SecurID service can be kept separate from one used for corporate systems access.
Policies are quite simple; needs more options to limit staff access.
A must-have if remote access to systems management and high security is key, but policies cannot be easily incorporated into any other interface.
The UniGuard-V34 modem and Port Authority 44 (PA44) offer secure out-of-band control of networking hardware and servers.
The problem is how to connect remotely to network devices when that network has failed. Most monitoring consoles communicate through the network they are monitoring. Out of band (OOB) systems use a separate network, in this case the telecoms network, which is not in the same "band."
Both products have built-in modems, Triple DES encryption, and two-factor authentication optionally through RSA's SecurID.
PA44's four ports connect to console ports on the hardware being controlled. There are also four power ports so equipment can be powered-down and back up again remotely. UniGuard is a single-port version, which can be used to control one piece of equipment or at the admin's workstation as an encryption modem to communicate with the PA44 or its eight-port partner the PA88.
Both units need to maintain a security database of sanctioned technicians. Other methods of OOB management rely on Radius and Tacacs+, but these require separate security servers to maintain a database. Uniguard and PA44 each contain a secured database that can be kept updated and refreshed remotely.
The database is populated from the Distributed Database Manager through an encrypted session. The policies in this environment are simple. All that is stored is the user name, their preferred method of connection, and which ports and equipment they can access. If SecurID is used, it also stores the seed number used in generating the user's numerical password.
The policy management of these products lacks sophistication, but access is well thought-out. Users wishing to access the database can connect with two-factor authentication, or a numerical password can be generated by the system and sent to a technician's pager to supplement their password.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- ICYMI: Tesco warned; IP Bill threatens economy; German routers offline; Azure trojan; Gooligan fraud
- Data centres are on the move - where will they end up?
- 90% of ITDMs believe IAM is crucial to digital transformation success
- Research: Hacked companies could see customer exodus if breached
- Misconfigured drive exposes locations of explosives used by oil industry