Firewall Wizards mailing list archives
General question, was: question on securing out-of-band management
From: Brian Loe <knobdy () gmail com>
Date: Thu, 9 Feb 2006 13:33:29 -0600
On 2/8/06, R. DuFresne <dufresne () sysinfo com> wrote:
Be wary of VPN bloat, or VPNmadness, whence you have so many VPN/VLAN zones, no one can remember which zone to get to which server set, let alone the passwd for each. I think we presently have 20 or 25 such silly things for our "management network" (give or take 5-10, I quit counting).
Thanks,
Ron DuFresne
We have that mess here - times 4, at least - for the customer side of things! Am I wrong in believing that a simple network is a more secure network? That since we deal with a lot of customer VPN connections, rather than NATing them and building holes through all of the firewalls (3-4 depending) we'd be better off NATing them to a network, and giving the network the access required? Possibly figure out a way to PVLAN each customer tunnel so that they can't talk to each other, etc.?