Re: IPMI security article

2013-02-20 Thread Lloyd Kvam
On Tue, 2013-02-19 at 16:04 -0500, Michael ODonnell wrote:
> 
> IPMI was involved with reestablishing communications with
> your Dom-0 ?   Interesting.  Was that via Serial-Over-LAN?

No.  Sorry to confuse things.

My Dom-0 has its own IP address.  I had failed to map a firewall port to
the Dom-0 ssh port.  It had never been necessary for me to access Dom-0
remotely before.

I was totally unaware of IPMI until I encountered that article grumbling
about IPMI security.  I did not even know that I had IPMI on my server -
a fairly low-cost Supermicro box.

-- 
Lloyd Kvam
Venix Corp.
1 Court Street, Suite 378
Lebanon, NH 03766-1358

voice:  802-448-0836
fax:    320-210-3409

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/


Re: IPMI security article

2013-02-19 Thread Michael ODonnell


IPMI was involved with reestablishing communications with
your Dom-0 ?   Interesting.  Was that via Serial-Over-LAN?



Re: IPMI security article

2013-02-19 Thread Lloyd Kvam
On Tue, 2013-02-19 at 11:16 -0500, Kevin D. Clark wrote:
> Lloyd Kvam writes:
> 
> > Should I simply disable IPMI or is it likely to be useful even in my
> > circumstances?  
> 
> Do you have any need to manage your server remotely using the
> functionality that IPMI provides?  How easy is it for you to
> physically access your server?

I had failed to provide remote access to Xen Dom-0.  When my virtualized
server failed to start, Bill McGonigle stopped in my office to make
repairs and get it started.  I have fixed that oversight and can now ssh
to both Dom-0 and my virtual mail server.

The server sits on a table in my office, so access is normally trivial.
I usually use ssh as the most convenient, but the server is also on a
KVM.  I have simply ignored hardware management beyond smartd.

My primary concern was yet another security vector to worry about, but I
don't think I have any exposure right now.

> I've been giving IPMI some thought lately as well.
> 
> Regards,
> 
> --kevin

-- 
Lloyd Kvam
Venix Corp
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug



Re: IPMI security article

2013-02-19 Thread Kevin D. Clark

Lloyd Kvam writes:

> Should I simply disable IPMI or is it likely to be useful even in my
> circumstances?  

Do you have any need to manage your server remotely using the
functionality that IPMI provides?  How easy is it for you to
physically access your server?

I've been giving IPMI some thought lately as well.

Regards,

--kevin
-- 
alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/
GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E

And the Army Ants, they leave nothin' but the bones...
   -- Tom Waits