nanog mailing list archives
Re: ipmi access
From: charles () thefnf org
Date: Mon, 02 Jun 2014 10:19:53 -0500
On 2014-06-02 07:19, Andrew Latham wrote:
I use OpenVPN to access an Admin/sandboxed network with insecure portals,wiki, and ipmi.
Same here. My entire in band management plane (DRAC (disk/cpu/temperature etc telemetry to my OpenManage/Zenoss server), OpenSSH and 80/443 for backend stuffs) is all behind OpenVPN. Zero outside exposure.
Out of band, is a cyclades (acs48) directly on the internet with all my consoles hooked up and it controls daisy chained Cyclades PDUs. I have fairly strong passwords on it, everything is SSH.
How important is it to setup ACLs on it? Like say some VPS that's outside my infra and lock the Cyclades down to that? Is that really a much higher level of security?
Current thread:
- Re: ipmi access, (continued)
- Re: ipmi access Paul S. (Jun 02)
- Re: ipmi access Brian Rak (Jun 02)
- Re: ipmi access Randy Bush (Jun 02)
- Re: ipmi access Andrew Latham (Jun 02)
- Re: ipmi access coy . hile (Jun 02)
- Re: ipmi access shawn wilson (Jun 02)
- Re: ipmi access Chris Adams (Jun 02)
- Re: ipmi access Jimmy Hess (Jun 02)
- Re: ipmi access shawn wilson (Jun 02)
- Re: ipmi access Peter Kristolaitis (Jun 02)
- Re: ipmi access charles (Jun 02)
- Re: ipmi access Randy Bush (Jun 02)
- Re: ipmi access Christopher Morrow (Jun 02)
- Re: ipmi access shawn wilson (Jun 02)
- Re: ipmi access Blake Hudson (Jun 02)
- Re: ipmi access Christopher Morrow (Jun 02)
- Re: ipmi access Nikolay Shopik (Jun 02)
- Re: ipmi access Christopher Morrow (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)