[Info-vax] Securing IP based management consoles/ports
JF Mezei
jfmezei.spamnot at vaxination.ca
Sat Nov 7 21:51:27 EST 2009
OK, this isn't strictly VMS based but folks in c.o.v. would have
valuable experience for this.
My new server has a management interface on one of the 2 ethernet ports,
shared with the OS, but with its own IP address separate from that of
the OS. It has the power to turn the machine on and off (in other words,
the ultimate in power).
What steps should be taken to secure this port ? It can't be in a
separate VLAN since it is shared with the ethernet used by the OS.
But it could be in a separate subnet. (but that is just security by
obscurity).
>From a firewall point of view should I program the internet-facing
router to block any traffic to that IP address on the LAN ?
And would there be a way to allow secure remote access to the console
(say if I am away from the office and need to power off and power on the
machine from the internet).
More information about the Info-vax
mailing list