Using Database to Manage Local Access Users on Network Assets

  • Fábio Oliveira dos Santos
  • Alberto Savio
  • Marcos Araujo
  • Natalia Castro Fernandes

Abstract


Nowadays, there are several efficient access control systems for managing remote access to network assets. Such systems are usually based on a centralized authentication server reachable through the network. Nevertheless, a challenge arises when the network is not available and local access is needed, which demands a local login. The problem is even greater for service providers, which manage thousands of network assets. On one hand, the network is at risk if all devices use the same login/password for local access. On the other hand, a different login/password for each device is unmanageable. We propose a tool that manages local user authentication on network equipment. Our system is based on a mechanism that validates local accesses in an automatic and centralized way. With our proposal, we can work around the security risks of local users without causing major impacts and costs in the daily operation of the network, regardless of the size of the network, since our proposal is based on automatic validation of users and their information even though this information cannot be tested directly on the network. The main goal of our proposal is to generate and manage a unique username and password set for each network element, so that each set can be used only once for local access to the network elements whenever they are without access to the authentication servers. In our proposal, the OTP (one-time password) functions do not need to be implemented by the network elements. We implemented and tested our proposal, validating the proposed approach. Our implementation ran on an Intel machine with the Ubuntu operating system, where we were able to generate and manage users and passwords for more than 5 thousand Cisco routers.
Published
25/10/2018
How to Cite
SANTOS, Fábio Oliveira dos; SAVIO, Alberto; ARAUJO, Marcos; FERNANDES, Natalia Castro. Using Database to Manage Local Access Users on Network Assets. In: WORKSHOP DE GESTÃO DE IDENTIDADES DIGITAIS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 130-141.