Security Basics mailing list archives
Re: switch console or ip ?
From: Chris Moody <cmoody () qualcomm com>
Date: Wed, 20 Oct 2004 19:58:39 -0700 (PDT)
Which indicates that you only have half of an "out of band" management network built.

At one ISP I worked for in years past, we had separate term servers at each remote location...specifically for the management of the devices. Absolutely -0- of our mgmt traffic traversed the production links. The network team LOVED each other (poking fun... ;o) ...)

Anyway, if you shop around for a good terminal server solution, you can keep your devices transparent to the production traffic...manage them via a completely separate network...and even build it to allow dial-in backup connections should your mgmt net fail for any reason.

I never had to drive from Denver to NYC to recover a device either.

Just my experience.

Cheers,
-Chris

On Wed, 20 Oct 2004, xyberpix wrote:
Definitely!! So long as no-one else "untrustworthy" has physical access to the switch.

We do this on all our switches, it's not the only way to secure them, but it does make it quite a bit more difficult to gain access to, and to manage. Your network team will probably hate you if you go this route, but hey.

xyberpix

On Mon, 18 October, 2004 9:06 pm, Okiwaso said:

Would it be more secure to only enable access to a Cisco switch via console so Cisco exploits could not potentially reach it through internet traffic that may have got past firewall, IDS, etc.?

Thanks,
Oki

--
For security and Opensource news check out: http://xyberpix.demon.co.uk