Support for SSH or Secure Sockets Layer (SSL) connections alone does not define a secure solution. A truly secure, remote management solution should support one or more of the following capabilities:
· Remote Authentication Dial-In User Service (RADIUS)
· Lightweight Directory Access Protocol (LDAP)
· Breach-prevention modes (programmable response to port scans, pings)
· Internet Protocol (IP) and Firewall packet filtering
· Dual-factor authentication
· IP Security (IPSEC) tunnelling
· Comprehensive data logging and event notification features
· Other features necessary to support your security policy
While a device may claim to support these features, it is equally important to understand how these features are implemented. Simply being able to connect to a device using an SSH client, for example, does not mean the data is encrypted appropriately and securely. Therefore, it is important to check which encryption algorithms the device supports.
While software fixes for publicised attacks (or “patch management”) are important for protecting servers, selecting management devices with robust features such as authentication and encryption protocols is paramount.