At the risk of being accused of anything but helpful......

For a small to medium network, it seems to me that isolating your servers from
BOTH the LAN and outside networks with a DMZ firewall AND secure access
box with POTS remote access makes lots of sense and is relatively inexpensive
to implement.

There was a nice article in LJ recently about DMZ configuration and I think
Cyclades and others market 4-32 port RS-232 terminal servers, while Pentium
and K6 boxes with modest resources and a pair of NICs are dirt cheap compared
to downtime, loss of revenue, etc.

Invoke serial port console support in the kernel, allow only the
IP of the terminal server access to ssh, telnet, etc on that port ONLY,
deny everything else and use a POTS dial-up line for remote access and
let the DMZ take hits from the outside. Double, triple and multi-dundant.

It's a simplistic approach, but sometimes that's just what it takes. Plus,
it's way cheaper than hardware routers and gawd awful software licenses!

IMHO the loss of LAN & internet console access is well worth the
security features.

jk




-----------------------------
James S. Kaplan KG7FU
Eugene Oregon USA
[EMAIL PROTECTED]
http://www.rio.com/~kg7fu
ICQ # 1227639
Have YOU tried Linux today?
-----------------------------
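
The host-side setup described in the message above (serial console plus login access from the terminal server only), as an added example that is not part of the original post. It assumes iptables on the servers, SSH on TCP port 22, a console on the first serial port, and a constructed terminal server address of 192.0.2.10; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Serial console half of the setup (boot parameter, assumed
# first serial port at 9600 baud):  console=tty0 console=ttyS0,9600n8
# Network half: emit an iptables-restore ruleset that admits logins only
# from the terminal server. 192.0.2.10 below is a constructed address.

# Succeed only if $1 is a dotted-quad IPv4 address, octets 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ruleset: $1 = terminal server address, $2 = TCP port (default 22).
mgmt_ruleset() {
    src=$1; port=${2:-22}
    valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 2; }
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port: $port" >&2; return 2; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s $src/32 --dport $port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -j LOG --log-prefix "mgmt-deny: "
COMMIT
EOF
}

# Usage: sh mgmt-rules.sh 192.0.2.10 | iptables-restore --test
if [ "$#" -gt 0 ]; then mgmt_ruleset "$@"; fi
```

Any service port the server is meant to offer through the DMZ would need its own ACCEPT line ahead of the LOG rule; the ruleset as generated follows the "deny everything else" wording literally.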
