On Mon, 14 Jan 2002, Mike Hoskins wrote: > Ken Milder wrote: > > Most switches support remote management features like web interfaces, > > SNMP, telnet, etc. > Paul Robertson wrote: > > In-band management wasn't good for the phone system, and it's not good > > for IP networks. > > Some people have dedicated management networks, making your definition of > 'in-band' equivalent to 'out of band' for those folks.
Yep, if you were following the thread, I recommended that very thing- it was probably burried in a lot of foamy ranting though ;) > That said, I /know/ noone in charge of network security enables web > interfaces, or allows SNMP/telnet to be accessed via a public network. You'd be surprised at how many sites will allow telnet or SNMP. Things are starting to get better, but over the last few years, I've been amazed at the number of places that don't put basic filtering on their border routers. Part of this dovetails into the ongoing saga...er- thread about IT professionals. Many folks aren't security professionals, they're people stuck doing a job they don't have a great grasp of, and all those Web interfaces and remote command thingies help them do it, but those access list things are all confusing and break stuff. Given the number of places I've seen recently on outdated Web server software, "public network" tends not to be the low bar it once was. Let's not forget that "in charge of network security" != "network security person." Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions [EMAIL PROTECTED] which may have no basis whatsoever in fact." _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
