Wed, Jun 19, 2024 at 08:58:01AM +0300, Saku Ytti: > To me none of the above matters. I don't care how insecure the BMC is. > I just want a true OOB port that works when my router does not work. I > want an OOB port that won't break my router, when my OOB LAN has a > broadcast storm or some other unexpected behaviour. I want an OOB port > over which I can bootstrap factory new router.
With current BMCs, you will have moved the target and degraded the security. A successful compromiser would have SOL access, BIOS access (or equiv), potentially an ether port shared with the CP, .... > Perfect is the enemy of done And enemy of security is lack of effort? Current BMCs would be a step backward, imiho. I wish they were better; a lot of potential.. _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
