On Mon, 14 Jan 2002, Mike Hoskins wrote:

> Ken Milder wrote:
> > Most switches support remote management features like web interfaces,
> > SNMP, telnet, etc.
> Paul Robertson wrote:
> > In-band management wasn't good for the phone system, and it's not good
> > for IP networks.
> 
> Some people have dedicated management networks, making your definition of
> 'in-band' equivalent to 'out of band' for those folks.

Yep, if you were following the thread, I recommended that very thing- it 
was probably buried in a lot of foamy ranting though ;)

> That said, I /know/ no one in charge of network security enables web
> interfaces, or allows SNMP/telnet to be accessed via a public network.

You'd be surprised at how many sites will allow telnet or SNMP.  Things 
are starting to get better, but over the last few years, I've been amazed at 
the number of places that don't put basic filtering on their border 
routers.  

Part of this dovetails into the ongoing saga...er- thread about IT 
professionals.  Many folks aren't security professionals, they're people 
stuck doing a job they don't have a great grasp of, and all those Web 
interfaces and remote command thingies help them do it, but those access 
list things are all confusing and break stuff.

Given the number of places I've seen recently on outdated Web server 
software, "public network" tends not to be the low bar it once was.  Let's 
not forget that "in charge of network security" != "network security 
person."

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
