Secure Tunneling

Kategorie: Opengear

Secure Tunneling (SDT) provide a secure tunnel through which administrators can access and control their local and remote infrastructure. SDT couples the trusted open source SSH tunneling protocol with robust in-band and out-of-band, text and graphical console management tools. SDT has been developed by Opengear engineers as open source technology (refer sdtcon) and it is included in all Opengear console servers. Uniquely sdtcon has overcome a traditional limitation of SSH2 and allows you to tunnel UDP based protocols (such as DNS or Serial over LAN (SoL) as well as TCP protocols such as HTTP or Remote Desktop Protocol (RDP)

SDT

SDT provides a secure communications path for remote management from the applications layer, through the operating system and BIOS layers; right down to the embedded BMCs and power switch hardware - and they can even manage the KVM built into the server's service processor.

Infrastructure Management

SDT enables users and administrators to securely access and manage all their remote Windows, Linux, Mac, AIX, HP-UX, Solaris and UNIX servers. If the operating system on the remote server is running, they can securely tunnel to the remote site and use in-band graphical access tools like Windows Remote RDP, Terminal Server and Virtual Network Computing (VNC) to access files, restart applications, upgrade operating systems or change configurations. SDT also provides secure remote text console or X tool access.

For remote servers that are in need of trouble shooting, the administrator has command-line kernel and POST/ BIOS-level access through serial port connections, serial-over-IP and TCP/IP network connections to boh the main processors and embedded BMC or service processors. Power cycling of the troubled server or networking appliance can actioned with the push of button. And the administrator can use these troubleshooting and remediatiion tools out-of-band, even if the main internet data pathway is down.

Secure Tunneling is supported by the full line of IMG/IM/CM/SD console servers and device servers. An unlimited user license for the SDTConnector client software is also included with these products. SDTConnector is a simple point-and-click tool that gives users and administrators a single point for secure (and out of band) access to systems and devices in their remote sites.

SSH tunnels VNC, RDP, HTTP, HTTPS, SoL, SSH and Telnet services

SSH tunneling (also known as SSH port forwarding) is the process of forwarding selected TCP ports through authenticated and encrypted tunnels. While the graphical desktop tolls like VNC and RDP are secure enough to use on a firewall protected private network; and simple access tools like Telnet and HTTP work well in an isolated local LAN environment, these tools are not robust enough for use directly over a public network.

SDT uses SSH to securely tunnel such VNC, RDP, HTTP sessions from the remote user through to the console server over any broadband (wireless, ADSL, cable) Internet connection; or over the enterprise private network, or even over a direct dial-up or ISDN modem connection. The console server then forwards these sessions to the computer/device being accessed through to the local TCP/IP LAN, or through to the computer’s serial COM port.

VNC access generally allows access to the whole computer, so security is imperative. VNC uses a random challenge-response system to provide the basic authentication to connect to a VNC server. This is reasonably secure and the password is not sent over the network. However, once connected, all subsequent VNC traffic is unencrypted. So a malicious user could snoop the VNC session. Also there are VNC scanning programs available, which will scan a subnet looking for PCs which are listening on one of the ports which VNC uses. Similarly security with Microsoft’s Remote Desktop is paramount as anyone who has access to these administrative features can control the server. You can configure Remote Desktop traffic to be all encrypted, however its authentication is weak so it is susceptible to man in the middle (MITM) attacks. The solution is to tunnel all RDP and VNC over a SSH connection, thereby ensuring all traffic is protected by strong authentication and encryption.

---