Using Database to Manage Local Access Users on Network Assets

  • Fábio Oliveira dos Santos UFF
  • Alberto Savio UFF
  • Marcos Araujo UFF
  • Natalia Castro Fernandes UFF

Abstract


Nowadays, there are several efficient access control systems for managing remote access to network assets. Such systems are usually based on a centralized authentication server reachable through the network. Nevertheless, there is a challenge when the network is not available and local access is needed, which demands a local login. The scale of this problem is even greater for service providers, which manage thousands of network assets. On one hand, the network is at risk if all devices use the same login/password for local access. On the other hand, a different login/password for each device is unmanageable. We propose a tool that manages local user authentication on network equipment. Our system is based on a mechanism that validates local accesses in an automatic and centralized way. With our proposal, we can work around the security risks of local users without causing major impacts and costs in the daily operation of the network, regardless of the size of the network, since our proposal is based on automatic validation of users and their information even though this information cannot be tested directly on the network. The main goal of our proposal is to generate and manage a unique set of username and password for each network element, so that they can be used only once for local access to a network element whenever it has no access to the authentication servers. In our proposal, the OTP (one-time password) functions do not need to be implemented by the network elements. We implemented and tested our proposal, validating the proposed approach. Our implementation ran on an Intel machine with the Ubuntu operating system, where we were able to generate and manage users and passwords for more than 5 thousand Cisco routers.

Published
25/10/2018
SANTOS, Fábio Oliveira dos; SAVIO, Alberto; ARAUJO, Marcos; FERNANDES, Natalia Castro. Using Database to Manage Local Access Users on Network Assets. In: WORKSHOP DE GESTÃO DE IDENTIDADES DIGITAIS - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 18., 2018, Natal. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 130-141. DOI: https://doi.org/10.5753/sbseg_estendido.2018.4150.