This is probably going to brand me as a serious radical, but what the hey.
If I had my 'druthers, it wouldn't have a webserver, either. GBAdmin is a much more secure tool for managing the GNAT Box. Allowing the GNAT Box to be managed using HTTPS instead of HTTP was a step in the right direction, but I would still be more comfortable if the web interface were removed. When I can't use GBAdmin, I use one of the GNAT Boxes that have a serial console (which includes GB-Flash, now) and run a console cable to one of the serial ports on a UNIX system and manage the GNAT Box using 'cu'. Since we set up the modems on our Customers' UNIX systems with callback security (you can't get in from anywhere buy our office, and even then you still have to authenticate) this gives as much protection to the GNAT Box as I can manage. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Rob Genovesi [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, May 22, 2002 2:12 PM > To: [EMAIL PROTECTED] > Subject: RE: [gb-users] SNMP Management > > > At 02:00 PM 5/22/2002 -0400, you wrote: > >Part of what makes GNAT Box such an excellent firewall is that it > >doesn't install on top of an OS that's trying to provide services > >that the filters are trying to deny. This gives you two layers > >of security for the firewall itself -- even if you get past the > >filters, there's nothing that wants to talk to you. > > The gnatbox has a DNS server, even though there have been various DNS > exploits in the past. > > The DNS server is available, but not activated by default. > The DNS server > seems to be a very slimmed down version designed to provide > only the most > necessary services for operation. > > Why can't the same methodology be used for something link SNMP? > > > > Rob Genovesi > [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > Archive of the last 1000 messages: > http://www.mail-archive.com/[email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
