nanog mailing list archives

Re: ipmi access

From: charles () thefnf org
Date: Mon, 02 Jun 2014 10:19:53 -0500

On 2014-06-02 07:19, Andrew Latham wrote:

I use OpenVPN to access an Admin/sandboxed network with insecureportals,
wiki, and ipmi.

Same here. My entire in band management plane (DRAC(disk/cpu/temperature etc telemetry to my OpenManage/Zenoss server),OpenSSH and 80/443 for backend stuffs) is all behind OpenVPN. Zerooutside exposure.

Out of band, is a cyclades (acs48) directly on the internet with all myconsoles hooked up and it controls daisy chained Cyclades PDUs. I havefairly strong passwords on it, everything is SSH.

How important is it to setup ACLs on it? Like say some VPS that'soutside my infra and lock the Cyclades down to that? Is that really amuch higher level of security?

Current thread:

Re: ipmi access, (continued)
- - - Re: ipmi access Paul S. (Jun 02)
    - Re: ipmi access Brian Rak (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Andrew Latham (Jun 02)
    - Re: ipmi access coy . hile (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Chris Adams (Jun 02)
    - Re: ipmi access Jimmy Hess (Jun 02)
    - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Peter Kristolaitis (Jun 02)
  - Re: ipmi access charles (Jun 02)
- Re: ipmi access Jeroen Massar (Jun 02)
- Re: ipmi access Jared Mauch (Jun 02)
  - Re: ipmi access Randy Bush (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
  - Re: ipmi access shawn wilson (Jun 02)
    - Re: ipmi access Blake Hudson (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Nikolay Shopik (Jun 02)
    - Re: ipmi access Christopher Morrow (Jun 02)
    - Re: ipmi access Jeroen Massar (Jun 02)

(Thread continues...)