Plugging the Network Holes

Prior to working with CDI, I worked with a longtime network consulting company named INS. One of the most consistent requests for service involved penetration and network testing, primarily around PCI compliance. For this service, both a network and security consultant would be deployed to search for vulnerabilities. Without fail, one of the most consistent findings would be unsecured (often unknown) analog POTS lines, often leading to core network equipment. POTS lines are still very much used for serial console access, and are pinned up for Out-of-Band Management access.

The security trouble with analog POTS lines for OOB is that they are easily accessible from anywhere in the world. Granted, you need to know the number and password/ID, but in terms of vulnerability this is a red flag that should be tagged for immediate remediation.

The reality of the situation is you need serial access from time to time to fix a stuck router or firewall.  Analog POTS lines work for OOB, as does cellular wireless if there is sufficient signal strength.  In fact, LTE is probably the best option for OOB given the low cost of operation and the fact that the connection is always on and cannot be physically disconnected or repurposed.

I’d imagine it’s pretty low on the priority list, but do you know what’s being used today for remote site serial access? Is there security beyond password/ID on these connections? Given the constraints on time and resources, this is often not a priority, but the reality is you may well get more service for a lower TCO if you simply take a look at what’s in place today.

CDI builds solutions in our US factory to offer LTE, network, and analog access for OOB, all on the same 1U chassis. The units provide full encryption from user to remote, log all the sessions, and can offer integrated power control for resetting stuck equipment.

