Centralise Your Password Management
Our solution utilises a product called Privilege to solve these problems by providing a centralised service that holds all your remote equipment password and connection information in a totally secure SQL database. It enables your users, administrators, engineers and applications to have secure remote access to managed devices, from a standard web browser, using IP or dial-up connectivity. Users browse in to Privilege and get authenticated; they are then presented with a list of equipment they are permitted to access; connection is made with one click. They do not know equipment passwords, telephone numbers or IP addresses; it is simple, secure, fast and very efficient. Privilege proxies all the connections, making life easier for users, and keeps an audit trail of all activity, making life easier for you.
For Enterprise Customers
Greater security – the login credentials and connectivity details of all customer equipment will reside in the Privilege server. It is therefore easier for the customer to audit and approve a maintainer’s security system.
Reduced Administration – the customer's IT staff will only need to provide external access to specific equipment on the network from one point, i.e. the Privilege server. This will reduce their administration workload and associated costs.
Audit trail – Privilege will hold an audit trail of all remote access activity. In the event of a security breach it will enable remote maintenance to be identified or eliminated as the source quickly and efficiently, saving time and cost.
For a Maintainer
Reduced Administration – Privilege will significantly reduce the administration overhead required to manage engineer and third party access to customer premise equipment. Some of the increased efficiencies are outlined below.
Adding equipment – without Privilege the existence of new sites or equipment must be notified to all users who require access to it. This information needs to include the login credentials and connectivity details. With Privilege all that is required is that the details are added to the Privilege database.
Removing equipment – without Privilege all users have to be notified if equipment is removed. With Privilege all that is required is that the details are removed from the Privilege database.
Adding users – without Privilege a new user will need to be told of all the equipment that they have access to. This information needs to include the login credentials and connectivity details. With Privilege all that is required is that the user is given authenticated access to the Privilege database.
Removing users – without Privilege, when a user leaves, all usernames and passwords of every device that they were able to access should be changed; this is an onerous task. With Privilege all that is required is that the user’s details are removed from the Privilege database.
Changing Passwords – for security purposes it is generally considered good practice to routinely change equipment passwords. Without Privilege this can be a long manual process, and each user has to be provided with details of the changes for only those sites and equipment to which they have access. With Privilege it is questionable whether the passwords need to be routinely changed. If policy dictates that they do, then there is no need to advise users of the changes as they do not need to know any login credentials.
Third party access – some equipment may be maintained by a third party supplier, who needs to be given access to remote equipment either permanently or on a temporary basis. Without Privilege you will need to either provide a permanent login or change equipment passwords each time a third party has had access. With Privilege you can control third party access in exactly the same way as you control access by your own staff. This not only reduces the overhead of managing third party suppliers but can also reduce the time it takes to respond to an incident.
The use of Privilege will greatly increase the security of your operation, help you to audit activity, increase efficiency and reduce the cost of providing secure remote access. Some of these benefits are outlined below.
Audit trail – when an incident occurs it can be important to know if anyone has accessed a device and caused the problem. Without Privilege it is not possible to be certain of who did what and when. Privilege keeps a full audit trail that will allow you to quickly identify who did what and when. This includes the user and time, with drill-down to show data sent to and received from a device. The audit trail will also allow you to identify where additional training is required.
Security audit – in an increasingly security-conscious world it is important that you can demonstrate that your systems meet ISO or similar standards. Without Privilege you need to give login credentials and connectivity details to individuals, some of whom may be contractors or work for third party companies. You will have to go to considerable lengths to convince your customers that your systems are secure. Privilege holds all login credentials and connectivity details in a secure central database; only administrators will have access to this information. This will allow you to more easily and cost effectively meet ISO standards and provide assurance to your customers.
Third party audit – where equipment is maintained by a third party, you will be held responsible by your customers for all their actions. Without Privilege you will have no idea what they have done and when. With Privilege you can produce a complete audit trail of activity including commands sent to and responses received from equipment.
Restricted access – some remote equipment, e.g. the Data Track Tracker, can be programmed to limit both dial-up and IP access to both itself and devices connected to it. Without Privilege this can be very difficult and time consuming to implement; it may prove to be a practical non-starter. With Privilege it is a simple task. All communications are channelled through the Privilege server so that connectivity can be limited to one CLI/ANI number and one IP address.
Without Privilege, users will need some training on how to set up various connections from their laptop or workstation. These will include ASCII, Telnet, SSH, PPP, PPTP, FTP, HTTP, HTTPS and TCP. They will need to know which type of connection to set up for each equipment type and service. With Privilege they can use a standard browser to initiate all connections and services. Privilege will proxy the connection and use the correct protocol. This will greatly reduce the amount of training required by your users and greatly simplify the connection process.