Re: switch console or ip ?

From: Chris Moody (cmoody_at_qualcomm.com)
Date: 10/21/04

    Date: Wed, 20 Oct 2004 19:58:39 -0700 (PDT)
    To: xyberpix <xyberpix@xyberpix.com>
    
    

    Which indicates that you only have half of an "out of band" management
    network built. At one ISP I worked for in years past, we had separate
    term servers at each remote location...specifically for the management of
    the devices. Absolutely -0- of our mgmt traffic traversed the production
    links.

    The network team LOVED each other (poking fun... ;o) ...)

    Anyway, if you shop around for a good terminal server solution, you can
    keep your devices transparent to the production traffic...manage them via
    a completely separate network...and even build it to allow dial-in backup
    connections should your mgmt net fail for any reason.

    I never had to drive from Denver to NYC to recover a device either.

    Just my experience.

    Cheers,
    -Chris

    On Wed, 20 Oct 2004, xyberpix wrote:

    > Definitely!!
    > So long as no-one else "untrustworthy" has physical access to the switch.
    > We do this on all our switches, it's not the only way to secure them, but
    > it does make it quite a bit more difficult to gain access to, and to
    > manage. Your network team will probably hate you if you go this route, but
    > hey.
    >
    > xyberpix
    >
    > On Mon, 18 October, 2004 9:06 pm, Okiwaso said:
    > > Would it be more secure to only enable access to a Cisco switch via
    > > console
    > > so Cisco exploits could not potentially reach it through internet traffic
    > > that may have got past firewall, IDS, etc ?
    > >
    > > Thanks,
    > > Oki
    > >
    >
    >
    > --
    > For security and Opensource news check out:
    > http://xyberpix.demon.co.uk
    >
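
Added example, not part of the original thread or any poster's code: a short Python audit that reads a Cisco IOS-style configuration and reports which `line vty` blocks still accept logins over the IP network, which is the exposure the console-only question above is trying to remove. The sample configuration, the function names and the four status labels are constructed for illustration.

```python
import re

# Constructed IOS-style fragment for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
line con 0
 login local
!
line vty 0 4
 access-class 10 in
 transport input ssh
 login local
line vty 5 15
 transport input none
line vty 16 31
 login local
 transport input telnet ssh
"""

def line_blocks(config):
    """Group indented sub-commands under each 'line ...' header."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # '!' or any other top-level command ends the block
    return blocks

def audit_vty(config):
    """Classify each vty block: 'closed', 'restricted', 'open' or 'default'."""
    result = {}
    for header, cmds in line_blocks(config).items():
        if not header.startswith("line vty"):
            continue  # con/aux lines are outside this check
        transport = [c for c in cmds if c.startswith("transport input")]
        has_acl = any(re.match(r"access-class \S+ in\b", c) for c in cmds)
        if not transport:
            result[header] = "default"   # no explicit setting: platform default applies
        elif transport[-1].split()[2:] == ["none"]:
            result[header] = "closed"    # no in-band login protocol accepted
        else:
            result[header] = "restricted" if has_acl else "open"
    return result

if __name__ == "__main__":
    for header, status in audit_vty(SAMPLE_CONFIG).items():
        print(f"{header:16} {status}")
```

For a console-only or terminal-server design, every vty block should come back `closed`; `restricted` means an inbound access-class limits who can connect, but the line is still reachable in-band.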

