Secure Telnet & SSH Proxy
Partitioning networks into security zones with conventional firewalls, a common industry practice, creates a problem for users of these management applications. They must choose between two equally unacceptable alternatives: prevent Telnet and SSH from passing through the firewall and accept a limited ability to manage the devices beyond it, or allow Telnet and/or SSH to pass through the firewall and accept the associated security risks. ZoneRanger resolves this dilemma by acting as a transport-layer proxy for Telnet and SSH traffic. This lets management applications extend their reach beyond firewalls while mitigating the associated security risks in a variety of ways:
- ZoneRanger effectively breaks the underlying TCP transport connection that carries the Telnet and/or SSH traffic into two connections, helping to protect the management application from TCP-based attacks.
- ZoneRanger allows management applications to originate Telnet or SSH sessions with managed devices, but connections in the reverse direction are not allowed.
- ZoneRanger can be configured to restrict Telnet and SSH traffic to specified devices and ports.
- ZoneRanger can be configured to perform destination port translation, allowing management applications to initiate Telnet or SSH sessions on the standard well-known ports to devices that have been configured to use non-standard ports as a security precaution (i.e., to fool or confuse port scanners).
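
The restrictions in the list above can be modelled as a default-deny policy check that runs before the proxy opens its device-side connection. This is an added example, not ZoneRanger code or configuration syntax; the rule fields, address ranges and function names are assumptions made for illustration.

```python
# Added illustration: a hypothetical model of the proxy policy described above.
# Rule fields and names are assumptions, not ZoneRanger configuration syntax.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    devices: str                        # CIDR of managed devices this rule covers
    port: int                           # port the management application dials
    translate_to: Optional[int] = None  # real listening port, if non-standard

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    device_port: Optional[int] = None   # port used on the proxy-to-device connection

# Constructed sample policy (documentation address ranges).
RULES = [
    Rule("192.0.2.0/28", 22),                      # SSH to a router block
    Rule("192.0.2.64/32", 22, translate_to=2222),  # SSH daemon moved to 2222
    Rule("192.0.2.65/32", 23, translate_to=2323),  # Telnet moved to 2323
]
MANAGEMENT_NET = ip_network("198.51.100.0/24")     # constructed: management side

def evaluate(src: str, dst: str, dst_port: int, rules=RULES) -> Decision:
    """Decide whether the proxy opens its own second TCP connection to dst."""
    # Sessions may only originate from the management side; reverse is refused.
    if ip_address(src) not in MANAGEMENT_NET:
        return Decision(False, "origin is not a management application")
    # Match on the port the client requested, before any translation.
    for rule in rules:
        if ip_address(dst) in ip_network(rule.devices) and dst_port == rule.port:
            return Decision(True, "matched rule", rule.translate_to or rule.port)
    # Default deny: anything not explicitly listed never reaches the device.
    return Decision(False, "destination or port not permitted")
```

Because rules match on the requested port rather than the translated one, a client that dials the device's real non-standard port directly is refused unless that port is listed in its own rule.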