Specifications

© 2002, David K. Z. Harris
Security Issues
- It's easier to maintain secure communication to a Console Server Host than it is to make secure connections to Console Server hardware.
- Take steps to restrict access to your console servers and logs.
- Centralize your access rights.

Remote access to your serial consoles will become an invaluable tool (if it isn't already). It can easily become a major part of your administration foundation. Because of this, you will want to ensure that your deployment is sturdy and reliable.

With Console Server hardware, you can often use a centralized authentication server (using RADIUS, for example). However, if your workstation clients need to patch/upgrade their SSH version, you could break your access to the console server hardware.

It may be easier to have a logging console server application host manage the access to the serial consoles. The presumption is that your workstation clients will be using the same OS and SSH code as your console server application host, which would minimize the chances that a patch/upgrade would break host-to-host communications.

You should minimize the number of accounts that have administrative access to your Console Server application host, as well as to your Console Server hardware. Clients do not necessarily need to have shell access to the host/hardware.

Managing who has what access is best done from a central database, rather than by making duplicate changes across multiple machines.
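
One way to check these recommendations on a console server application host, added here as an example (it is not from the original slides): compare the host's local accounts with the central access list and report any shell or administrative access the central list does not grant. The sample passwd/group data, the admin group names and the CENTRAL_RIGHTS structure are constructed assumptions.

```python
# Added example: audit local accounts on a console server host against a
# central access list. All sample data below is constructed.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
ADMIN_GROUPS = {"wheel", "sudo"}  # assumption: groups that confer admin rights

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
conserver:x:60:60:console daemon:/var/empty:/sbin/nologin
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
carol:x:1003:100:Carol:/home/carol:/sbin/nologin
"""
SAMPLE_GROUP = "wheel:x:10:alice,bob\nusers:x:100:\n"
# Central database (constructed): user -> rights granted on this host.
CENTRAL_RIGHTS = {"root": {"shell", "admin"}, "alice": {"shell", "admin"},
                  "bob": {"console"}, "carol": {"console"}}

def parse_passwd(text):
    """Return {user: {"uid": int, "shell": str}} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.lstrip().startswith("#"):
            continue  # skip blank, comment and malformed lines
        accounts[fields[0]] = {"uid": int(fields[2]), "shell": fields[6]}
    return accounts

def admin_members(group_text):
    """Return the set of users listed in any admin group (group(5) format)."""
    admins = set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] in ADMIN_GROUPS:
            admins.update(m for m in fields[3].split(",") if m)
    return admins

def audit(passwd_text, group_text, central):
    """List (user, finding) pairs for access the central list does not grant."""
    findings, admins = [], admin_members(group_text)
    for user, acct in sorted(parse_passwd(passwd_text).items()):
        granted = central.get(user, set())
        # An empty shell field means the default shell, so it counts as a shell.
        if acct["shell"] not in NOLOGIN_SHELLS and "shell" not in granted:
            findings.append((user, "shell access not granted centrally"))
        if (acct["uid"] == 0 or user in admins) and "admin" not in granted:
            findings.append((user, "admin access not granted centrally"))
    return findings

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_PASSWD, SAMPLE_GROUP, CENTRAL_RIGHTS):
        print(f"{user}: {finding}")
```

In the sample, bob is granted console access only, yet has a login shell and wheel membership on the host, so both are reported.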