Firewall Wizards mailing list archives

General question, was: question on securing out-of-band management


From: Brian Loe <knobdy () gmail com>
Date: Thu, 9 Feb 2006 13:33:29 -0600

On 2/8/06, R. DuFresne <dufresne () sysinfo com> wrote:
> Be wary of VPN bloat, or VPNmadness, whence you have so many VPN/VLAN
> zones, no one can remember which zone to get to which server set let alone
> the passwd for each.  I think we presently have 20 or 25 such silly
> things for our "management network" (give or take 5-10, I quit counting).
>
> Thanks,
>
> Ron DuFresne


We have that mess here - times 4, at least - for the customer side of things!

Am I wrong in believing that a simple network is a more secure
network? That since we deal with a lot of customer VPN connections,
rather than NATing them and building holes through all of the
firewalls (3-4 depending) we'd be better off NATing them to a network,
and giving the network the access required? Possibly figure out a way
to PVLAN each customer tunnel so that they can't talk to each other,
etc.?