
Providing remote access to a variety of equipment, particularly where it is connected to a data network, raises significant security concerns and administrative problems for customers, service suppliers and equipment maintainers.
Network administrators need to ensure that edge devices are hardened against brute force attacks, denial of service attacks and other external threats. At the same time a solution is required to allow network access to legitimate users such as home workers and third party suppliers and maintainers.
Our secure remote access products can help:
We can provide a simple yet secure method for giving your engineers and administrators access to a potentially large amount of multi-vendor equipment.
Using a Tracker appliance you can add additional layers of security around network appliances, find alternative means to provide remote access to equipment and even put devices onto the network that have no native IP interface.
A Tracker appliance is rackmountable or comes as a standalone unit (with a compact footprint). It will connect to your other appliances via IP or serial link and has options for discrete alarm points and control relays. It supports inbound connections through either IP or dial-up connections, with advanced security options available for each to ensure the best possible protection.
In large installations, you can pair the Tracker appliances with our single sign on product to add yet more layers of security. You will also reduce the administrative hassles associated with multiple users connecting to multiple pieces of equipment at multiple sites.
Where no IP network is available, remote access over standard telephone lines via a modem is the best alternative; for some purposes, it may even be the simplest solution. However, it also represents the easiest way to bypass any IP security and gain a foothold on an IP network. Consequently, in addition to a standard username and password, the Tracker features:
Utilising the Caller ID or ANI service, the modem within the Tracker will only answer the call if it is from a pre-programmed number.
The Tracker is capable of connecting a user to the IP network using PPP, the industry standard networking protocol.
Two factor authentication is the most secure option available and requires a Tracker 2720 modem at the calling end. The 2720 can be used as a normal modem. It is pre-programmed with a secret and a unique identity number (ID).
When it is used to call a Tracker that has been configured to use two factor authentication, the called Tracker will issue an encrypted challenge using its secret. Only an encrypted response using the same secret will authenticate; this is the first stage. The second stage involves the receiving Tracker checking that the ID of the calling 2720 appears in its Access list. If it does then it is granted access to the system. If it does not appear in its Access list or is found in its Deny list, then access will be refused. This authentication process is completely transparent to the user and makes the system easily integrated into an existing IT infrastructure.
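The two stages described above can be sketched in code. This is an added illustration, not the Tracker's firmware or wire protocol: HMAC-SHA256 stands in for the encryption, which the page does not specify, binding the caller ID into the response is an assumption, and all names, IDs and the secret are constructed.

```python
import hashlib
import hmac
import secrets

def respond(secret, nonce, caller_id):
    """Calling side: prove knowledge of the secret for this challenge and ID."""
    return hmac.new(secret, nonce + caller_id.encode(), hashlib.sha256).digest()

class CalledUnit:
    """Answering side: shared secret plus access and deny lists (hypothetical)."""
    def __init__(self, secret, access_list, deny_list=()):
        self.secret = secret
        self.access = set(access_list)
        self.deny = set(deny_list)
        self.pending = set()  # challenges issued but not yet answered

    def issue_challenge(self):
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per call
        self.pending.add(nonce)
        return nonce

    def verify(self, nonce, caller_id, response):
        # Each challenge is single use, so a recorded response cannot be replayed.
        if nonce not in self.pending:
            return "refused: unknown or reused challenge"
        self.pending.discard(nonce)
        # Stage 1: the response must match, compared in constant time.
        expected = respond(self.secret, nonce, caller_id)
        if not hmac.compare_digest(expected, response):
            return "refused: bad response"
        # Stage 2: a deny-list entry always refuses; otherwise the ID must be listed.
        if caller_id in self.deny:
            return "refused: id on deny list"
        if caller_id not in self.access:
            return "refused: id not on access list"
        return "granted"

def demo():
    secret = b"constructed-shared-secret"  # constructed sample values
    unit = CalledUnit(secret, {"ID-0001", "ID-0002"}, deny_list={"ID-0002"})
    def attempt(caller_id, key):
        nonce = unit.issue_challenge()
        return nonce, unit.verify(nonce, caller_id, respond(key, nonce, caller_id))
    nonce, valid = attempt("ID-0001", secret)
    replay = unit.verify(nonce, "ID-0001", respond(secret, nonce, "ID-0001"))
    return {"valid": valid, "replay": replay,
            "wrong_secret": attempt("ID-0001", b"guess")[1],
            "denied": attempt("ID-0002", secret)[1],
            "unlisted": attempt("ID-0099", secret)[1]}
```

A caller holding the correct secret is still refused when its ID is missing from the access list or present on the deny list, which is what makes the second stage independent of the first.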
The Tracker 2700, 2720 and 2730 products have received Information Assurance Accreditation from the US Government's Defense Information System Network (DISN) Security Accreditation Working Group.
There are two options available for IP access: in-band and side-band.
In-band access is a straightforward connection to the IP address of the Tracker. In addition to the standard username and password, the Tracker includes a packet filtering firewall. This can be used in addition to the corporate firewall to ensure that access can only be gained by users with a specific IP address to specific ports.
Side-band access creates an encrypted tunnel to the Tracker, through which all the keystrokes and any other data pass. This makes it impossible for packet sniffers to determine what data is being passed between the Tracker and the Client.
The Tracker will support the standard SSL protocol for telnet and FTP access. This will enable a client such as a system administrator/engineer to use their PC to establish a completely secure connection to the Tracker. This connection could be routed out of one corporate network, over the Internet and onto a second corporate network. The only requirements on the second corporate network would be to allow the SSL tunnel through the corporate firewall.
The Tracker also supports VPN connections using the strong 128-bit Microsoft Point-to-Point Encryption (MPPE) to create a secure tunnel. This is suited to situations that demand a more permanent connection to the Tracker.
To our knowledge, there have been no successful hacking attempts on a Tracker that is out in the field. We continue to update the Tracker so that our customers feel confident in allowing the Tracker onto their corporate networks.
Key Information:
Control access to remote devices
IP or dial up connectivity
Inbuilt packet filtering firewall
VPN tunneling and encryption
Secure menus, CLI/ANI answering
Two factor authentication
Some Tracker models security approved by the UK and US Government