Using out-of-band for stronger in-band network security

Whether the network is up or down, Uplogix is a secure gateway for policy enforcement and compliance.

Secure access on a closed platform

Network security is more critical than ever. The security features of the Uplogix platform were initially developed for customers in finance and the military, but many enterprises are finding they need similar functionality. You need to know that your network is locked down inside and out and be able to prove it. With the average cost of a security breach increasing yearly, what business today doesn’t need reliable network security?

Uplogix is a secure, closed appliance. The underlying Linux OS does not have root access, which eliminates threat vectors possible with an open console server. Beyond the separation from the OS, the Uplogix platform is FIPS 140-2 Level Two Certified — not just a component of the solution like a FIPS-certified OpenSSL library. Our solid state hard drives are available with AES-256 disk encryption, and only the SSH port is open by default.

All configuration and features for managing devices are governed by powerful and granular authorization controls, with every activity and change logged and archived to the NOC. With features that automate device monitoring, maintenance and recovery, scripting isn’t necessary, avoiding another threat vector.

Not all console servers are created the same. In addition to all of its security functionality, Uplogix is a closed appliance. Other console servers are open implementations of Linux, which could mean trouble.

In the heat of the moment when network problems arise, urgency often prevails over security. Break-glass root passwords are issued so technicians can connect to devices over the console and resolve issues, any centralized administrative audit is offline, and carefully crafted policies intended to protect data are quickly bypassed. This is precisely the circumstance that sets the stage for a serious breach, unintended or not.

Key Security Capabilities

Uplogix extends role-based administrative access policies to devices, with detailed auditing and reporting for compliance whether the network is up or down. Some of the specific cybersecurity functions include:

  • Maintain and enforce AAA (Authentication, Authorization and Accounting) regardless of the state of the network. Under normal circumstances, Uplogix Local Managers (LMs) integrate with remote multi-factor authentication mechanisms, such as TACACS and RADIUS, but if connectivity is lost, the LM can fail over to other AAA servers before falling back on cached authentication data to maintain authorized access.
  • Prevent unauthorized user access by automatically closing idle sessions, eliminating a potential security gap. Uplogix also ensures that the right users have the right access by enforcing granular, role-based permissions.
  • Enable audit and compliance reporting by constantly logging all changes made to managed devices and the results of these changes.
  • Eliminate modem security issues with call-home connectivity. To restore connectivity when the primary network connection goes down, Uplogix appliances always “dial out” and never allow inbound dial-up requests, closing common security holes.
  • Improve overall security by restricting access to specific IP addresses and encrypting passwords stored in the database, and by automating management functions related to security enforcement, like updating the access passwords on hundreds of managed devices at once.

Uplogix TechTip: Granular Authorization and Access

Uplogix provides highly configurable and granular role-based administrative access to managed gear. Role-based access controls and complete activity logging (including system prompts and responses) are maintained even when the network is down.