Redesigning remote system administration paradigms for enhanced security and flexibility

摘要

Remote system administration is usually performed according to the standard client-server model. However, important security and flexibility limitations, arising from the usage of a predictable access port for such a critical application, prevent a satisfactory trade-off between authentication strength and service availability. We illustrate an alternative solution, based on an additional system placed in between the remote server and its administrator. Our design ensures that the new component's role does not weaken the existing security mechanisms already in place, but it can instead enhance them, and provide a very effective decoupling between a server and its visible management ports.