The original Raptor Eagle did exactly that. It used a Tcl/Tk front end (called Raptor hawk) to an secure telnet (not SSH but an earlier incarnation). Unfortunately it was only GUI based, but the GUI was fairly secure. More recent incarnations still use proprietary GUI's. The problem is that command line solutions are necessary for bulk changes (needing to change all IP references to another space for example).
What is starting to bug me is the number of printers, CD stacks etc. that are using browsers to configure them. Most peripherals have fairly powerful embedded processors. Look at the stink about the Xerox enterprise copier that is built around a Solaris box running wide open. Since these are not seen as "computers', there is often less attention paid to their security, even in security conscious enterprises. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mikael Olsson Sent: Fri May 31 2002 07:59 To: Ben Nagy Cc: [EMAIL PROTECTED] Subject: Re: a web management system for the NetGAP firewall appliance (off-topic) <snip> My favourite design is a specialized app with a bare bones encrypted connection to the firewall. This is what we do, which indeed leaves the value my opinions somewhat questionable. In my defense, I can say we do things this way because of my opinions (and my colleauges'), and not the other way around. And, no, GUI stuff isn't easily portable, so if you absolutely need to admin your firewall from a BeOS box, web based administration is probably a key factor. ;) Of course, all of this is moot for a SOHO type business, which is likely to have so many other security problems that possible attacks against the web interface is just another drop in the sea. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] For Account Management (unsubscribe, get/change password, etc) Please go to: http://lists.gnac.net/mailman/listinfo/firewalls